{ config, lib, pkgs, ... }:
let

  hostname = "seafile.gaykraft.com";
  port = 3030;
  home = "/home/seafile";
  serviceName = "seafile-docker";

in {

  services.nginx = {
    enable = true;
    statusPage = true;
    virtualHosts = {
      "seafile.${config.networking.hostName}.private" = {
        serverAliases = [ ];
        locations."/" = {
          proxyPass =
            "http://${config.networking.hostName}.private:${toString port}";
        };
      };
    };
  };

  systemd.services."${serviceName}" = {
    enable = true;
    description = "seafile service running as docker";
    after = [ "network.target" "docker.service" ];
    requires = [ "docker.service" ];
    wantedBy = [ "multi-user.target" ];
    script = ''
      # delete old instance to ensure update
      ${pkgs.docker}/bin/docker stop seafile || true && ${pkgs.docker}/bin/docker rm -f seafile || true
      # start instance
      ${pkgs.docker}/bin/docker run \
        --name seafile \
        --env SEAFILE_SERVER_HOSTNAME=${hostname} \
        --env SEAFILE_ADMIN_EMAIL="root@${hostname}"  \
        --env SEAFILE_ADMIN_PASSWORD="${
          lib.fileContents <secrets/seafile/root>
        }" \
        --volume ${home}:/shared \
        --publish ${toString port}:80 \
        seafileltd/seafile:latest
    '';
  };

  virtualisation.docker.enable = lib.mkDefault true;

}