{ config, lib, pkgs, ... }:

let cfg = config.sydnix.deertopia.copyparty.webdav;
in {
  options.sydnix.deertopia.copyparty.webdav = {
    enable = lib.mkEnableOption "WebDAV via copyparty";
    port = lib.mkOption {
      type = lib.types.port;
      description = ''
        Port on which Copyparty shall listen for WebDAV traffic.
      '';
      default = 3924;
    };
  };

  # https://github.com/9001/copyparty/issues/1142
  config = lib.mkIf cfg.enable {
    services.copyparty.settings = {
      rproxy = -1;
      xff-src = "lan";
      daw = true;
      dav-auth = true;
      ihead = "*";
      ohead = "*";
      dav-port = cfg.port;
    };

    services.authelia.instances.deertopia.settings =
      lib.mkIf config.sydnix.deertopia.authelia.enable {
        access_control.rules = lib.mkBefore [
          {
            domain = "dav.deertopia.net";
            policy = "bypass";
            methods = [ "OPTIONS" "PROPFIND" ];
          }
        ];
      };

    sydnix.deertopia.nginx.vhosts."dav" = {
      directory = null;
      vhost = {
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          include ${../authelia/authelia-location.conf};
          # Increase limit of upload sizes.
          client_max_body_size 20G;
        '';
        locations."/".extraConfig = ''
          include ${../authelia/authelia-authrequest.conf};
          include ${../authelia/proxy.conf};
          proxy_pass http://localhost:${builtins.toString cfg.port};
        '';
      };
    };
  };
}