{ config, pkgs, ... }:

# initially login as `admin@localhost` with the passwords `admin`
# (yes, I've changed this, this is just a note for if I forget when reading
# this in the future)

{
  # so the default pretix module doesn't allow TLS foo by default, don't ask
  # me why...
  services.nginx.virtualHosts."tickets.emile.space" = {
    forceSSL = true;
    enableACME = true;
  };

  services = {
    pretix = {
      enable = true;
      package = pkgs.pretix;
      plugins = with config.services.pretix.package.plugins; [ passbook pages ];
      user = "pretix";
      group = "pretix";
      gunicorn.extraArgs = [
        "--name=pretix"
        "--workers=4"
        "--max-requests=1200"
        "--max-requests-jitter=50"
        "--log-level=info"
      ];
      nginx = {
        enable = true;
        domain = "tickets.emile.space";
      };
      settings = {
        pretix = {
          instance_name = "tickets.emile.space";
          url = "https://tickets.emile.space";
          currency = "EUR";
          datadir = "/var/lib/pretix";
          cookie_domain = "tickets.emile.space";
          trust_x_forwarded_for = "on";
          trust_x_forwarded_proto = "on";
        };

        database = {
          backend = "sqlite3";
        };

        mail = {
          from = "tickets@emile.space";
          host = "mail.emile.space";
          user = "mail";
          password = "${config.age.secrets.mail_password.path}";
          port = 1025;
          tls = "on";
          ssl = "off";
        };

        redis = {
          location = "unix://${config.services.redis.servers.pretix.unixSocket}?db=0";
          sessions = true;
        };
      };
    };
  };
}