{
  config,
  pkgs,
  lib,
  ...
}:

{

  options.zpha.websites."oeffi.zaphyra.eu".enable = lib.mkEnableOption "";

  config = lib.mkIf config.zpha.websites."oeffi.zaphyra.eu".enable {
    dns.zones = {
      "zaphyra.eu".subdomains."oeffi".CNAME = [ "${config.networking.fqdn}." ];
      "katja.wtf".subdomains."oeffi".CNAME = [ "${config.networking.fqdn}." ];
    };

    services.nginx = {
      appendHttpConfig = ''
        resolver 1.1.1.1 valid=300s;

        map $vendotarget $vendopath {
          default    no;
          locations  '/mob/location/search';
          location   '/mob/location/details';
          journeys   '/mob/angebote/fahrplan';
          journey    '/mob/angebote/recon';
          departures '/mob/bahnhofstafel/abfahrt';
          trip       '/mob/zuglauf';
        }

        map $hafastarget $hafasurl {
          default no;
          nahsh   nah.sh.hafas.de;
          rmv     www.rmv.de;
          bvg     bvg-apps-ext.hafas.de;
          oebb    fahrplan.oebb.at;
        }

        map $hafastarget $hafaspath {
          default no;
          nahsh   '/bin/mgate.exe';
          rmv     '/auskunft/bin/jp/mgate.exe';
          bvg     '/bin/mgate.exe';
          oebb    '/bin/mgate.exe';
        }
      '';

      virtualHosts."oeffi.zaphyra.eu" = {
        serverAliases = [ "oeffi.katja.wtf" ];
        useACMEHost = config.networking.fqdn;
        forceSSL = true;
        kTLS = true;
        root = pkgs.zpha.oeffisearch;
        extraConfig = ''
          merge_slashes off;
          large_client_header_buffers 4 16k;
        '';

        locations = {
          "/db/vehicle-sequence".extraConfig = ''
            proxy_ssl_server_name on;
            proxy_ssl_name        www.bahn.de;
            proxy_set_header      Host www.bahn.de;
            proxy_hide_header    'set-cookie';
            proxy_pass            https://www.bahn.de/web/api/reisebegleitung/wagenreihung/vehicle-sequence$is_args$args;
          '';

          "~ ^/db/vendo/(?<vendotarget>[a-z]+)(/([^\\r\\n].*))?$".extraConfig = ''
            if ($vendopath = no) {
              return 400;
            }

            if ($vendotarget = 'trip') {
              set $vendopath '$vendopath$2';
            }

            if ($vendotarget = 'location') {
              set $vendopath '$vendopath$2';
            }

            set $vendodomain 'app.services-bahn.de';

            proxy_ssl_server_name on;
            proxy_ssl_name        $vendodomain;
            proxy_set_header      Host $vendodomain;
            proxy_hide_header    'set-cookie';
            proxy_pass            https://$vendodomain$vendopath;
          '';

          "~ ^/hafas/(?<hafastarget>.*)$".extraConfig = ''
            if ($hafasurl = no) {
              return 400;
            }

            proxy_ssl_server_name on;
            proxy_ssl_name        $hafasurl;
            proxy_set_header      Host $hafasurl;
            proxy_hide_header    'set-cookie';
            proxy_pass            https://$hafasurl$hafaspath;
          '';
        };
      };
    };
  };

}