{ pkgs, config, lib, ... }:
with lib;
let
  cfg = config.services.goaccess;
in {
  options.services.goaccess = {
    enable = mkEnableOption "GoAccess dashboard";
    group = mkOption {
      type = types.str;
    };
    user = mkOption {
      type = types.str;
    };
    dir = mkOption {
      type = types.str;
    };
    host = mkOption {
      type = types.str;
    };
  };
  config = mkIf cfg.enable {
    systemd.services.goaccess = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      description = "GoAccess live dashboard";
      serviceConfig = {
        Type = "forking";
        User = cfg.user;
        ExecStart = "${pkgs.goaccess}/bin/goaccess  --ignore-crawlers -f /var/log/nginx/access.log --enable-panel=REFERRERS --enable-panel=KEYPHRASES --log-format COMBINED -o ${cfg.dir}/report.html --real-time-html";
        Restart = "on-failure";
      };
    };
    users.users."${cfg.user}" = {
      isSystemUser = true;
      description = "GoAccess runner";
      group = cfg.group;
    };

    systemd.tmpfiles.rules = [
      "d ${cfg.dir} 0755 ${cfg.user} ${cfg.group}"
    ];

    services.nginx.virtualHosts."${cfg.host}" = {
      addSSL = true;
      enableACME = true;
      root = cfg.dir;
    };
  };
}