{ pkgs, lib, tree, ... }:
let
  ports = (import ../ports.nix { });
  secrets-db = (import ../secrets-db.nix { });
in {
  environment.systemPackages = with pkgs; [ mpc_cli ];

  services.mpd = {
    enable = true;
    network.listenAddress = "0.0.0.0";
    musicDirectory = "https://storage-webdav.owo.monster/music_ro/";
    credentials = [{
      passwordFile = "${secrets-db.mpd_control_password.path}";
      permissions = [ "read" "add" "control" "admin" ];
    }];
    extraConfig = ''
      host_permissions "127.0.0.1 read,add,control,admin"
      samplerate_converter "0"
      metadata_to_use "title,artist"
      auto_update "yes"
      audio_buffer_size "4096"
      replaygain "track"
      audio_output_format "44100:16:2"
      audio_output {
        type		"httpd"
        name		"HTTP Opus"
        encoder		"opus"
        port		"${toString ports.mpd-opus}"
        bitrate		"96000"
        format		"44100:16:2"
        always_on       "yes"
        tags            "yes"
        signal "music"
        packet_loss "5"
      }
      audio_output {
        type		"httpd"
        name		"HTTP FLAC"
        encoder		"flac"
        port		"${toString ports.mpd-flac}"
        format		"44100:16:2"
        always_on       "yes"
        tags            "yes"
      }
    '';
  };

  services.nginx.virtualHosts."stream.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/" = {
        proxyPass = "http://127.0.0.1:${toString ports.mpd-opus}";
        extraConfig = ''
          auth_basic "Music Password";
          auth_basic_user_file ${secrets-db.music_stream_passwd.path}; 
        '';
      };
      "/flac" = {
        proxyPass = "http://127.0.0.1:${toString ports.mpd-flac}";
        extraConfig = ''
          auth_basic "Music Password";
          auth_basic_user_file ${secrets-db.music_stream_passwd.path}; 
        '';
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 6600 ];
}