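# NixOS module: one declarative container per entry of ./services.nix, fronted
# by an nginx reverse proxy running on the host.
#
# Each entry of ./services.nix must provide the fields destructured below:
# `name`, `ip.host`, `ip.local`, `port`, `hosts` and `config`.
# `foldMap` comes from the project's ./lib.nix (not nixpkgs); it is assumed to
# map every element to an attribute set and merge the results.
# NOTE(review): confirm the merge is deep, otherwise only one
# `containers.<name>` / virtual host would survive.
{ pkgs, ... }:
let
  services = import ./services.nix;
  lib = import ./lib.nix;
in
lib.foldMap
  ({ name, ip, config, ... }: {
    containers.${name} = {
      autoStart = true;
      # Ephemeral containers start from an empty root filesystem, so nothing
      # written inside a container persists across restarts.
      ephemeral = true;
      # Private veth pair per container: the service is addressable at
      # `ip.local` from the host and is not placed on the host's own interfaces.
      privateNetwork = true;
      hostAddress = ip.host;
      localAddress = ip.local;
      inherit config;
    };
  })
  services
// {
  # The attribute set below is not `rec`, so every `services` reference inside
  # it resolves to the let-bound list above, not to the `services.nginx` option.

  # [NGINX]
  # One virtual host per name in each service's `hosts`, proxied to that
  # service's container address and port.
  # SECURITY: the virtual hosts are served over plain HTTP and no TLS is
  # configured here. If this host is reachable beyond a test network, enable
  # TLS on the virtual hosts (e.g. `forceSSL` with `enableACME` or explicit
  # certificates) and open 443 as well.
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts =
      lib.foldMap
        ({ ip, port, hosts, ... }:
          lib.foldMap
            (host: {
              ${host} = {
                locations."/".proxyPass = "http://${ip.local}:${toString port}";
              };
            })
            hosts)
        services;
  };

  # [NETWORK]
  # Only the proxy's HTTP port is opened by this module. With `privateNetwork`
  # and no port forwarding declared above, the containers are meant to be
  # reached from outside through nginx only.
  networking.firewall.allowedTCPPorts = [ 80 ];
  networking.firewall.allowedUDPPorts = [ ];

  # VM test user. No `extraGroups` are set here, so this module grants the
  # account no `wheel` membership.
  # SECURITY: `hashedPassword` is evaluated into the system configuration,
  # which NixOS writes to the world-readable Nix store, so the hash is exposed
  # to offline guessing by any local user. Acceptable for a throwaway test VM;
  # on a real host use `hashedPasswordFile` pointing at a root-only file
  # outside the store, and verify that ./secrets/admin_password is not
  # committed unencrypted.
  users.users.admin.isNormalUser = true;
  users.users.admin.hashedPassword =
    # Strip the trailing newline most editors add, which would corrupt the hash.
    pkgs.lib.removeSuffix "\n" (builtins.readFile ./secrets/admin_password);
  users.users.admin.group = "admin";
  users.groups.admin = { };

  system.stateVersion = "23.11";
}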