{ lib, pkgs, ... }:

{
  services.nginx.virtualHosts.default.locations."= /owncast" = {
    proxyPass = "http://unix:/run/cgiserver/owncast-integration.sock";
  };

  systemd.sockets.owncast-integration = {
    wantedBy = [ "sockets.target" ];
    socketConfig.ListenStream = "/run/cgiserver/owncast-integration.sock";
  };

  systemd.services.owncast-integration = {
    path = with pkgs; [ curl jq libressl.nc ];
    serviceConfig.ExecStart = "${lib.getExe pkgs.cgiserver} -r /owncast ${pkgs.bash}/bin/sh ${./hook.cgi.sh}";
    serviceConfig.LoadCredential = [ "owncast-inbound" "owncast-outbound" ];
  };
}