{
  lib,
  config,
  ...
}:
let
  cfg = config.my.websites.lidarrMbReport;
  mbSecurityHeaders = ''
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
  '';
in
{
  options.my.websites.lidarrMbReport = {
    enableProxy = lib.mkEnableOption "lidarr mb report static site";
  };
  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
    services.nginx.virtualHosts."mb-report.lebubu.org" = {
      forceSSL = true;
      enableACME = true;
      root = "/var/www/html/lidarr-mb-gap";
      locations = {
        "/" = {
          extraConfig = ''
            try_files $uri /missing_albums.html;
            ${mbSecurityHeaders}
          '';
        };
        "~* \\.html$" = {
          extraConfig = ''
            add_header Content-Type "text/html; charset=utf-8";
            ${mbSecurityHeaders}
          '';
        };
        "~* \\.json$" = {
          extraConfig = ''
            add_header Content-Type "application/json";
            ${mbSecurityHeaders}
          '';
        };
      };
    };
  };
}