# NixOS module for the "public-access-proxy" host: the public entry point that
# forwards incoming traffic on ports 80 and 443 to internal web servers.
#
# Forwarding targets come from two places:
#   1. a hand-written entry for the vps1 / nixvita names, and
#   2. one generated entry per configuration in `nixosConfigurations` that has
#      nginx enabled, covering every virtual host name and server alias it
#      declares (except "localhost").
#
# The `my.services.proxy` option set is implemented in ./proxy.nix (not shown).
{ hostRegistry, nixosConfigurations, config, pkgs, lib, ... }:

let
  # Names of all configurations that run nginx.
  # NOTE(review): nothing here excludes this host itself; if ./stats.nix or
  # ./proxy.nix enables nginx locally, the proxy would list itself as a
  # backend. Confirm against those modules.
  nginxHostNames = builtins.attrNames (
    lib.filterAttrs (_: nixos: nixos.config.services.nginx.enable) nixosConfigurations
  );

  # Every name a backend answers to: each virtual host key plus its
  # serverAliases, with "localhost" dropped. Only the literal "localhost" is
  # filtered, so any other vhost key is published as-is.
  publicNamesOf = nixosConfig:
    builtins.filter (name: name != "localhost") (
      lib.concatLists (
        lib.mapAttrsToList
          (name: vhostConfig: [ name ] ++ vhostConfig.serverAliases)
          nixosConfig.services.nginx.virtualHosts
      )
    );

  # Backend address from the host registry. IPv6 is preferred (wrapped in
  # brackets), IPv4 is the fallback, and a host with neither aborts evaluation.
  upstreamOf = host:
    let
      entry = hostRegistry.hosts.${host};
    in
      if entry ? ip6 then "[${entry.ip6}]"
      else if entry ? ip4 then entry.ip4
      else throw "No known addresses for ${host}";

  # Forwarding entry derived from another host's nginx configuration.
  # NOTE(review): the same name declared by two backends yields two entries;
  # no duplicate check is visible here. Which one wins depends on ./proxy.nix.
  generatedEntryFor = host: {
    hostNames = publicNamesOf nixosConfigurations.${host}.config;
    proxyTo.host = upstreamOf host;
  };

  # Manual forwarding configurations
  manualEntries = [
    {
      hostNames = [ "vps1.nixvita.de" "vps1.codetu.be" "nixvita.de" ];
      proxyTo.host = "172.20.73.51";
      # NOTE(review): "-m end" looks like a suffix match interpreted by
      # ./proxy.nix. If so, "nixvita.de" also matches any hostname that merely
      # ends in that string, not only its subdomains. Confirm the matcher
      # anchors on a label boundary (".nixvita.de" or an exact match).
      matchArg = "-m end";
    }
  ];
in
{
  imports = [
    ./proxy.nix
    ./stats.nix
  ];

  networking = {
    hostName = "public-access-proxy";
    useNetworkd = true;

    # Static addressing on eth0.
    interfaces.eth0 = {
      ipv4.addresses = [
        {
          address = "172.20.73.45";
          prefixLength = 26;
        }
      ];
    };
    defaultGateway = "172.20.73.1";

    # Only HTTP and HTTPS are opened in the firewall by this module.
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  my.services.proxy = {
    enable = true;
    # Manual entries first, then the generated ones.
    proxyHosts = manualEntries ++ map generatedEntryFor nginxHostNames;
  };

  system.stateVersion = "18.09";
}