{ config, pkgs, ... }:
let 
  hugoDir = "/home/alisceon/blog";
in
{
  imports =
    [ ./hardware-configuration.nix ];
  networking.hostName = "blogbox";
  boot.initrd.enable = true;
  boot.loader = {
    systemd-boot = {
      enable = true;
    }; # end loader.systemd-boot
  }; # end boot
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 80 443 ];
    allowedUDPPorts = [ 443 ];
  };
  environment = {
    systemPackages = with pkgs; [
      hugo
      caddy
      ddclient
    ]; # end systemPackages
  }; # end environment
  systemd = {
    services = {
      "pull-blog" = {
        wantedBy = [ "multi-user.target" ];
        script = ''
          git pull origin main
          hugo
        '';
        serviceConfig = {
          type = "oneshot";
          user = "alisceon";
          workingDirectory = hugoDir;
        }; # end serviceConfig
      }; # end pull-blog
      "ddclient" = {
        description = "Dynamic DNS client";
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.ddclient}/bin/ddclient -foreground -file /etc/blogbox/ddclient.conf";
          Restart = "on-failure";
          User = "root";
          EnvironmentFile = "/etc/blogbox/.env";
        }; # end serviceConfig
      }; # end ddclient
    }; # end services
    timers = {
      "pull-blog" = {
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnBootSec = "5min";
          OnUnitActiveSec = "5min";
          Persistent = true;
        }; # end timerConfig
      }; # end pull-blog
      "ddclient" = {
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnBootSec = "5min";
          OnUnitActiveSec = "5min";
          Persistent = true;
        }; # end timerConfig
      }; # end ddclient
    }; # end timers
  };  # end systemd
  services= {
    caddy = {
      enable = true;
      environmentFile = "/etc/blogbox/.env";
      virtualHosts = {
        "blog" = {
          hostName = "${DOMAIN}";
          forceSSL = true;
          root = "${hugoDir}/public";
          index = "index.html";
          log = [ "stdout" "stderr" ];
          fileServer = { };
          tls = {
            email = ""
          }; # end tls
        }; # end {$DOMAIN}
      }; # end virtualHosts
    }; # end caddy
  }; # end services.caddy
  environment = {
    etc = {
      "blogbox/ddclient.conf" = {
        text = ''
          use=web, web=dynamicdns.park-your-domain.com/getip
          protocol=namecheap
          server=dynamicdns.park-your-domain.com
          login_env=DOMAIN
          password_env=DDNS_PASSWORD
          @
        '';
        mode = "600";
      };
      "blogbox/.env.example" = {
        text = ''
          HUGO_DIR=${hugoDir}
          HUGO_ENV=production
          DOMAIN=example.com
          DDNS_PASSWORD=yourpassword
          NAMECHEAP_API_KEY=yourapikey
        '';
        mode = "600";
      };
    }; # end etc
  };
} # end file