{ config, pkgs, ... }:

{
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      entryPoints = {
        web = {
          address = ":80";
          http.redirections.entryPoint = {
            to = "websecure";
            scheme = "https";
          };
        };
        websecure = {
          address = ":443";
          http.tls = {
            certResolver = "letsencrypt";
          };
        };
      };

      api = {
        dashboard = false;
        insecure = false;  # Включить только для отладки, лучше использовать безопасный доступ
      };

      certificatesResolvers.letsencrypt.acme = {
        email = "luc_ren@blnt-cult.ru";
        storage = "${config.services.traefik.dataDir}/acme.json";
        httpChallenge.entryPoint = "web";
      };
    };

    dynamicConfigOptions = {
      http = {
        routers = {
          jellyfin = {
            rule = "Host(`jellyfin.project-a.space`)";
            service = "jellyfin";
            entryPoints = ["websecure"];
            tls = {
              certResolver = "letsencrypt";
            };
          };
          jellyseerr = {
            rule = "Host(`jellyseerr.project-a.space`)";
            service = "jellyseerr";
            entryPoints = ["websecure"];
            tls = {
              certResolver = "letsencrypt";
            };
          };
        };
        services = {
          jellyfin.loadBalancer.servers = [
            { url = "http://127.0.0.1:8096"; }
          ];
          jellyseerr.loadBalancer.servers = [
            { url = "http://127.0.0.1:5055"; }
          ];
        };
      };
    };
  };
}