{ config, pkgs, ... }:

{
  services.dokuwiki."malo-wiki-name" = {
    enable = true;
    aclUse = true;
    acl = "* @ALL 8";  # everyone can edit using this config
    # note there is a users file at
    # /var/lib/dokuwiki/<wiki-name>/users.auth.php
    # makes sense to edit it by hand
    superUser = "@admin";
    plugins = let
      plugin-todo = pkgs.stdenv.mkDerivation {
        name = "todo";
        src = pkgs.fetchFromGitHub {
          owner = "leibler";
          repo = "dokuwiki-plugin-todo";
          rev = "7e36f4fffc46df9e2fd116d7d6dc326202530b71";
          sha256 = "sha256-o794cFdnVEUHvLRP/UzrD26fzNGa9gYzR7sw2Ns8tvo=";
        };
        buildInputs = [ pkgs.unzip ];
        installPhase = "mkdir -p $out; cp -R * $out/";
      };
    in [ plugin-todo ];
    disableActions = "register";
    extraConfig = ''
      $conf['title'] = 'malobeo wiki';
      $conf['lang'] = 'en';
    '';
  };
  # nginx with self-signed ceritificate:
  # generate key using:
  # $ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.crt
  # I followed the guide on https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-18-04
  services.nginx.virtualHosts."malo-wiki-name" = {
    addSSL = true;
    sslCertificate = "/etc/nixos/nginx-selfsigned.crt";
    sslCertificateKey = "/etc/nixos/nginx-selfsigned.key";
  };
  # open ports for HTTP and HTTPS
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ 80 443 ];

  # generic nginx configuration
  services.nginx = {
    enable = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    sslProtocols = "TLSv1.3";
    sslCiphers = "EECDH+AESGCM:EDH+AESGCM";
    sslDhparam = "/etc/nixos/dhparam.pem";
  };
}