{ config, lib, pkgs, stdenv, ... }:
let
  deconz-full = pkgs.callPackage ./pkg/default.nix { };
  deconz = deconz-full.deCONZ;
in
{
  environment.systemPackages = with pkgs; [
    deconz
  ];


  users.users."deconz" = {
    createHome = true;
    isSystemUser = true;
    group = "dialout";
    home = "/home/deconz";
  };

  systemd.services.deconz = {
    enable = true;
    description = "deconz";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    stopIfChanged = false;
    serviceConfig = {
      ExecStart = "${deconz}/bin/deCONZ -platform minimal --http-port=8080 --ws-port=8081 --http-listen=127.0.0.1 --dev=/dev/ttyACM0";
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
      Restart = "always";
      RestartSec = "10s";
      # StartLimitInterval = "1min";
      # StateDirectory = "/var/lib/deconz";
      User = "deconz";
      # DeviceAllow = "char-ttyUSB rwm";
      # DeviceAllow = "char-usb_device rwm";
      # AmbientCapabilities="CAP_NET_BIND_SERVICE CAP_KILL CAP_SYS_BOOT CAP_SYS_TIME";
    };
  };

  services.nginx.virtualHosts."deconz.cloonar.com" = {
    forceSSL = true;
    enableACME = true;
    acmeRoot = null;
    extraConfig = ''
      proxy_buffering off;
    '';
    locations."/".extraConfig = ''
      set $p 8080;
      if ($http_upgrade = "websocket") {
          set $p 8081;
      }
      proxy_pass http://127.0.0.1:$p;
      proxy_set_header Host $host;
      proxy_redirect http:// https://;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
    '';
  };
}