{ pkgs, lib, config, ... }:
let
  app = "boisar";
  # domain = "bois-ar.com";
  domain = "bois-ar.hemono.fr";
  dataDir = "/srv/http/${app}";
in {
  services.phpfpm.pools.${app} = {
    user = app;
    settings = {
      "listen.owner" = config.services.nginx.user;
      "pm" = "dynamic";
      "pm.max_children" = 15;
      "pm.max_requests" = 500;
      "pm.start_servers" = 2;
      "pm.min_spare_servers" = 1;
      "pm.max_spare_servers" = 3;
      "php_admin_value[error_log]" = "stderr";
      "php_admin_flag[log_errors]" = true;
      "catch_workers_output" = true;
    };
    phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
  };
  services.nginx = {
    enable = true;
    virtualHosts.${domain} = {
      # serverAliases = ["www.bois-ar.com"];
      forceSSL = true;
      enableACME = true;
      root = dataDir;
      locations = {
        "= /favicon.ico" = {
          extraConfig = ''
            log_not_found off;
            access_log off;
          '';
        };
        "= /robots.txt" = {
          extraConfig = ''
            allow all;
            log_not_found off;
            access_log off;
          '';
        };
        "~ \.php$" = {
          tryFiles = "$uri =404";
          extraConfig = ''
            fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
            include ${pkgs.nginx}/conf/fastcgi.conf;
            fastcgi_intercept_errors on;
          '';
        };
        "~* \.(js|css|png|jpg|jpeg|gif|ico)$" = {
          extraConfig = ''
            expires max;
            log_not_found off;
          '';
        };
      };
      # WP Super Cache rules.
      # Designed to be included from a 'wordpress-ms-...' configuration file.
      extraConfig = ''
        index index.php; # Not related to super cache
        set $cache_uri $request_uri;
        # POST requests and urls with a query string should always go to PHP
        if ($request_method = POST) {
            set $cache_uri 'null cache';
        }
        if ($query_string != "") {
            set $cache_uri 'null cache';
        }
        # Don't cache uris containing the following segments
        if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
            set $cache_uri 'null cache';
        }
        # Don't use the cache for logged in users or recent commenters
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
            set $cache_uri 'null cache';
        }
      '';
      # Use cached or actual file if they exists, otherwise pass request to WordPress
      locations."/" = {
        tryFiles = "/wp-content/cache/supercache/$http_host/$cache_uri/index-$scheme.html $uri $uri/ /index.php?$args";
      };
    };
  };
  users.users.${app} = {
    isSystemUser = true;
    createHome = true;
    home = dataDir;
    homeMode = "750";
    group = app;
  };
  users.groups.${app} = {};
  users.users.nginx.extraGroups = [ app ];
  services.mysql = {
    enable = true;
    ensureDatabases = [ app ];
    ensureUsers = [
      {
        name = app;
        ensurePermissions = {
          "${app}.*" = "ALL PRIVILEGES";
        };
      }
    ];
  };
}