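# NixOS module: runs LubeLogger as a Podman OCI container behind a Caddy
# reverse proxy, with credentials injected at runtime through sops-nix.
let
  # Host directory under which the persistent service volumes are created.
  volumePath = "/overseer/services";
in
{ config, inputs, ... }:
let
  sopsFolder = builtins.toString inputs.nix-secrets + "/sops";

  # Every secret declared below is read from the same encrypted file.
  servicesSecret = {
    sopsFile = "${sopsFolder}/services.yaml";
  };
in
{
  systemd.tmpfiles.rules = [
    # A `d` rule with no mode field creates the directory as 0755 root:root.
    "d ${volumePath}/lubelogger"
    # NOTE(review): application data is left at the default mode; consider
    # 0700 once it is confirmed that nothing else on the host (e.g. a backup
    # job running as another user) needs to read it.
    "d ${volumePath}/lubelogger/data"
    # This directory is bind-mounted at /root/.aspnet/DataProtection-Keys
    # below, i.e. it holds the ASP.NET Data Protection key ring. Restrict it
    # to root so other local accounts on the host cannot read the key files.
    # Assumes the container process maps to host uid 0 (the root-owned 0755
    # default already required that for writes) -- confirm if user
    # namespaces or a non-root container user are introduced later.
    "d ${volumePath}/lubelogger/keys 0700 root root -"
  ];

  ###########
  # Service #
  ###########

  sops = {
    secrets = {
      "lubelogger/user_hash" = servicesSecret;
      "lubelogger/pass_hash" = servicesSecret;
      "lubelogger/oidc/id" = servicesSecret;
      "lubelogger/oidc/secret" = servicesSecret;
      "generic/smtp/server" = servicesSecret;
      "generic/smtp/port" = servicesSecret;
      "generic/smtp/user" = servicesSecret;
      "generic/smtp/pass" = servicesSecret;
    };

    # Environment file handed to the container. Only placeholders are
    # evaluated here, so the secret values themselves do not appear in this
    # expression; sops-nix substitutes them when it renders the template.
    # No owner/mode override is set, so the sops-nix template defaults apply
    # to the rendered file.
    templates."lubelogger-env".content = ''
      LC_ALL=en_US.UTF-8
      LANG=en_US.UTF-8
      UserNameHash=${config.sops.placeholder."lubelogger/user_hash"}
      UserPasswordHash=${config.sops.placeholder."lubelogger/pass_hash"}
      LUBELOGGER_CUSTOM_WIDGETS=true
      MailConfig__EmailServer=${config.sops.placeholder."generic/smtp/server"}
      MailConfig__EmailFrom=${config.sops.placeholder."generic/smtp/user"}
      MailConfig__Port=${config.sops.placeholder."generic/smtp/port"}
      MailConfig__Username=${config.sops.placeholder."generic/smtp/user"}
      MailConfig__Password=${config.sops.placeholder."generic/smtp/pass"}
      OpenIDConfig__Name=Pocket ID
      OpenIDConfig__ClientId=${config.sops.placeholder."lubelogger/oidc/id"}
      OpenIDConfig__ClientSecret=${config.sops.placeholder."lubelogger/oidc/secret"}
      OpenIDConfig__AuthURL=https://auth.wanderingcrow.net/authorize
      OpenIDConfig__RedirectURL=https://garage.wanderingcrow.net/Login/RemoteAuth
      OpenIDConfig__TokenURL=https://auth.wanderingcrow.net/api/oidc/token
      OpenIDConfig__Scope=openid email
      OpenIDConfig__UsePKCE=true
      OpenIDConfig__DisableRegularLogin=true
      OpenIDConfig__LogOutURL=https://auth.wanderingcrow.net/api/oidc/end-session
    '';
  };

  services.caddy = {
    enable = true;
    # Caddy forwards to the container over plain HTTP at the fixed address
    # assigned below. No `ports` entry is declared on the container in this
    # module, so no host port is published for it here.
    virtualHosts."garage.wanderingcrow.net".extraConfig = ''
      reverse_proxy http://10.88.0.8:8080
    '';
  };

  virtualisation.oci-containers = {
    backend = "podman";
    containers = {
      "lubelogger" = {
        # NOTE(review): the image is pinned by tag only. A tag can be
        # re-pointed upstream; pinning by digest (tag@sha256:<digest>) makes
        # the deployed image content reproducible.
        image = "ghcr.io/hargata/lubelogger:v1.5.5";
        # Static address so the Caddy upstream above stays valid.
        extraOptions = [ "--ip=10.88.0.8" ];
        environmentFiles = [
          config.sops.templates."lubelogger-env".path
        ];
        volumes = [
          "${volumePath}/lubelogger/data:/App/data"
          "${volumePath}/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
        ];
      };
    };
  };
}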