{
  povSelf,
  hostConfig,
  config,
  pkgs,
  lib,
  ...
}:

let
  inherit (lib) types;
  cfg = lib.getAttrFromPath povSelf config;

in
{

  options = {
    enable = {
      type = types.bool;
      default = false;
    };
    domain = {
      type = types.str;
      default = "zaphyra.eu";
    };
    subdomain = {
      type = types.str;
      default = "oeffi";
    };
  };

  config = lib.mkIf cfg.enable {
    dns.zones = {
      "${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
      "katja.wtf".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ];
    };

    services.nginx = {
      enable = true;
      appendHttpConfig = ''
        resolver 1.1.1.1 valid=300s;

        map $vendotarget $vendopath {
          default    no;
          locations  '/mob/location/search';
          location   '/mob/location/details';
          journeys   '/mob/angebote/fahrplan';
          journey    '/mob/angebote/recon';
          departures '/mob/bahnhofstafel/abfahrt';
          trip       '/mob/zuglauf';
        }

        map $hafastarget $hafasurl {
          default no;
          nahsh   nah.sh.hafas.de;
          rmv     www.rmv.de;
          bvg     bvg-apps-ext.hafas.de;
          oebb    fahrplan.oebb.at;
        }

        map $hafastarget $hafaspath {
          default no;
          nahsh   '/bin/mgate.exe';
          rmv     '/auskunft/bin/jp/mgate.exe';
          bvg     '/bin/mgate.exe';
          oebb    '/bin/mgate.exe';
        }
      '';

      virtualHosts."${cfg.subdomain}.${cfg.domain}" = {
        serverAliases = [ "oeffi.katja.wtf" ];
        useACMEHost = "${config.networking.fqdn}";
        forceSSL = true;
        kTLS = true;
        root = pkgs.oeffisearch;
        extraConfig = ''
          merge_slashes off;
          large_client_header_buffers 4 16k;
        '';

        locations."/db/vehicle-sequence".extraConfig = ''
          proxy_ssl_server_name on;
          proxy_ssl_name        www.bahn.de;
          proxy_set_header      Host www.bahn.de;
          proxy_hide_header    'set-cookie';
          proxy_pass            https://www.bahn.de/web/api/reisebegleitung/wagenreihung/vehicle-sequence$is_args$args;
        '';

        locations."~ ^/db/vendo/(?<vendotarget>[a-z]+)(/([^\\r\\n].*))?$".extraConfig = ''
          if ($vendopath = no) {
            return 400;
          }

          if ($vendotarget = 'trip') {
            set $vendopath '$vendopath$2';
          }

          if ($vendotarget = 'location') {
            set $vendopath '$vendopath$2';
          }

          set $vendodomain 'app.vendo.noncd.db.de';

          proxy_ssl_server_name on;
          proxy_ssl_name        $vendodomain;
          proxy_set_header      Host $vendodomain;
          proxy_hide_header    'set-cookie';
          proxy_pass            https://$vendodomain$vendopath;
        '';

        locations."~ ^/hafas/(?<hafastarget>.*)$".extraConfig = ''
          if ($hafasurl = no) {
            return 400;
          }

          proxy_ssl_server_name on;
          proxy_ssl_name        $hafasurl;
          proxy_set_header      Host $hafasurl;
          proxy_hide_header    'set-cookie';
          proxy_pass            https://$hafasurl$hafaspath;
        '';
      };
    };
  };

}