{ config, pkgs, lib, spacebar-server, rootDomain, ... }:

{
  services = {
    nginx = {
      enable = true;
      package = pkgs.nginxMainline;
      recommendedProxySettings = true;
      recommendedZstdSettings = true;
      recommendedGzipSettings = true;
      recommendedBrotliSettings = true;
      recommendedOptimisation = true;
      appendConfig = ''
        worker_processes 16;
        '';
       eventsConfig = ''
        #use kqueue;
        worker_connections 512;
        '';
      appendHttpConfig = ''
        #sendfile on;
        disable_symlinks off;
      '';
      additionalModules = with pkgs.nginxModules; [
        moreheaders
      ];
      virtualHosts = {
        "${rootDomain}" = {
          locations."= /.well-known/spacebarchat/client".extraConfig = ''
            more_set_headers 'Content-Type application/json';
            more_set_headers 'Access-Control-Allow-Origin *';
            return 200 '${builtins.toJSON {
              cdn = "cdn.${rootDomain}";
              gateway = "gateway.${rootDomain}";
              api = "api.${rootDomain}";
            }}';
          '';
        };
        "api.${rootDomain}" = {
          locations."/" = {
            proxyPass = "http://127.0.0.1:3001"; 
            extraConfig = ''
              if ($request_method = 'OPTIONS') {
                more_set_headers 'Access-Control-Allow-Origin: *';
                more_set_headers 'Access-Control-Allow-Methods: *';
                #
                # Custom headers and headers various browsers *should* be OK with but aren't
                #
                more_set_headers 'Access-Control-Allow-Headers: *';
                #
                # Tell client that this pre-flight info is valid for 20 days
                #
                more_set_headers 'Access-Control-Max-Age: 1728000';
                more_set_headers 'Content-Type: text/plain; charset=utf-8';
                more_set_headers 'Content-Length: 0';
                return 204;
              }
            '';
          };
        };
        "cdn.${rootDomain}" = {
          locations."/" = {
            proxyPass = "http://127.0.0.1:3003"; 
            extraConfig = ''
              if ($request_method = 'OPTIONS') {
                more_set_headers 'Access-Control-Allow-Origin: *';
                more_set_headers 'Access-Control-Allow-Methods: *';
                #
                # Custom headers and headers various browsers *should* be OK with but aren't
                #
                more_set_headers 'Access-Control-Allow-Headers: *';
                #
                # Tell client that this pre-flight info is valid for 20 days
                #
                more_set_headers 'Access-Control-Max-Age: 1728000';
                more_set_headers 'Content-Type: text/plain; charset=utf-8';
                more_set_headers 'Content-Length: 0';
                return 204;
              }
            '';
          };
        };
        "gateway.${rootDomain}" = {
          locations."/" = {
            proxyPass = "http://127.0.0.1:3002"; 
            extraConfig = ''
              if ($request_method = 'OPTIONS') {
                more_set_headers 'Access-Control-Allow-Origin: *';
                more_set_headers 'Access-Control-Allow-Methods: *';
                #
                # Custom headers and headers various browsers *should* be OK with but aren't
                #
                more_set_headers 'Access-Control-Allow-Headers: *';
                #
                # Tell client that this pre-flight info is valid for 20 days
                #
                more_set_headers 'Access-Control-Max-Age: 1728000';
                more_set_headers 'Content-Type: text/plain; charset=utf-8';
                more_set_headers 'Content-Length: 0';
                return 204;
              }
            '';
          };
        };
      };
    };
  };
  
  systemd.services.nginx.serviceConfig = {
    LimitNOFILE=5000000;
  };

  system.stateVersion = "22.11"; # DO NOT EDIT!
}