{ pkgs, website, ... }:
let
  port = 4322;
  dataDir = "/srv/wynne";
  buildDir = "${dataDir}/build";

  deployScript = pkgs.writeShellScript "wynne-deploy" ''
    set -e
    rm -rf ${buildDir}
    cp -r --no-preserve=mode,ownership ${website} ${buildDir}
    cd ${buildDir}
    ${pkgs.pnpm}/bin/pnpm install --frozen-lockfile
    ASTRO_DB_REMOTE_URL=file:${dataDir}/data/guestbook.db ${pkgs.pnpm}/bin/pnpm build
  '';
in
{
  services.caddy.virtualHosts."wynne.rs" = {
    extraConfig = ''
      reverse_proxy localhost:${toString port}
      encode zstd gzip
    '';
  };

  services.caddy.virtualHosts."ily.rs" = {
    extraConfig = ''
      redir https://wynne.rs{uri} permanent
    '';
  };

  systemd.services.wynne-deploy = {
    description = "Build wynne.rs from source";
    path = [ pkgs.nodejs ];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = deployScript;
    };
  };

  systemd.services.wynne = {
    description = "wynne.rs";
    after = [ "network.target" "wynne-deploy.service" ];
    requires = [ "wynne-deploy.service" ];
    wantedBy = [ "multi-user.target" ];
    environment = {
      HOST = "127.0.0.1";
      PORT = toString port;
      ASTRO_DB_REMOTE_URL = "file:${dataDir}/data/guestbook.db";
    };
    serviceConfig = {
      Type = "simple";
      WorkingDirectory = buildDir;
      ExecStart = "${pkgs.nodejs}/bin/node dist/server/entry.mjs";
      Restart = "on-failure";
      User = "wynne";
      Group = "wynne";
      ReadWritePaths = [ dataDir ];
    };
  };

  users.users.wynne = {
    isSystemUser = true;
    group = "wynne";
    home = dataDir;
  };
  users.groups.wynne = {};
}