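# NixOS module for the LubeLogger container: host directories, sops-nix
# secrets and the rendered environment file, the Caddy virtual host, and the
# podman container definition.
let
  # Host directory under which the per-service bind-mount sources are created.
  volumePath = "/overseer/services";
in
{
  config,
  inputs,
  ...
}:
let
  # Folder inside the nix-secrets flake input that holds the sops-encrypted files.
  sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
in
{
  systemd.tmpfiles.rules = [
    # No mode/owner fields are given on the first two rules, so
    # systemd-tmpfiles applies its defaults for `d` (0755, root:root).
    "d ${volumePath}/lubelogger"
    # NOTE(review): this directory is bind-mounted at /App/data; if it holds
    # application data that other local users should not read, give it an
    # explicit restrictive mode as well.
    "d ${volumePath}/lubelogger/data"
    # Bind-mounted at /root/.aspnet/DataProtection-Keys below, i.e. key
    # material. Restricted to root instead of the default 0755.
    # Assumes the container runs as uid 0 under rootful podman (the mount
    # target is under /root) -- confirm before deploying.
    "d ${volumePath}/lubelogger/keys 0700 root root -"
  ];

  ###########
  # Service #
  ###########

  sops = {
    # Every secret is read from the same encrypted services.yaml.
    # NOTE(review): "lubelogger/admin_email" and "lubelogger/mailer/port" are
    # declared here but not referenced by the template below (the port is
    # written as a literal 587). If nothing else consumes them, dropping the
    # declarations avoids decrypting secrets on this host that are not needed.
    secrets = {
      "lubelogger/user_hash" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
      "lubelogger/pass_hash" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
      "lubelogger/admin_email" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
      "lubelogger/mailer/server" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
      "lubelogger/mailer/port" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
      "lubelogger/mailer/user" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
      "lubelogger/mailer/pass" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
      "lubelogger/oidc/id" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
      "lubelogger/oidc/secret" = {
        sopsFile = "${sopsFolder}/services.yaml";
      };
    };

    # Environment file handed to the container. Only sops placeholders are
    # interpolated here, so the Nix store copy of this text contains no secret
    # values; the real values are substituted into the rendered file at
    # config.sops.templates."lubelogger-env".path.
    # NOTE(review): the mail and hash entries wrap their values in double
    # quotes while the OIDC client id/secret do not. Confirm how the container
    # runtime's env-file parser treats the quotes, so that they do not become
    # part of the password or hash values.
    # The three OpenIDConfig__*URL values use https and PKCE is enabled.
    templates."lubelogger-env".content = ''
      LC_ALL=en_US.UTF-8
      LANG=en_US.UTF-8
      MailConfig__EmailServer="${config.sops.placeholder."lubelogger/mailer/server"}"
      MailConfig__EmailFrom="${config.sops.placeholder."lubelogger/mailer/user"}"
      MailConfig__Port=587
      MailConfig__Username="${config.sops.placeholder."lubelogger/mailer/user"}"
      MailConfig__Password="${config.sops.placeholder."lubelogger/mailer/pass"}"
      UserNameHash="${config.sops.placeholder."lubelogger/user_hash"}"
      UserPasswordHash="${config.sops.placeholder."lubelogger/pass_hash"}"
      LUBELOGGER_CUSTOM_WIDGETS=true
      OpenIDConfig__Name=Pocket ID
      OpenIDConfig__ClientId=${config.sops.placeholder."lubelogger/oidc/id"}
      OpenIDConfig__ClientSecret=${config.sops.placeholder."lubelogger/oidc/secret"}
      OpenIDConfig__AuthURL=https://auth.wanderingcrow.net/authorize
      OpenIDConfig__RedirectURL=https://garage.wanderingcrow.net/Login/RemoteAuth
      OpenIDConfig__TokenURL=https://auth.wanderingcrow.net/api/oidc/token
      OpenIDConfig__Scope=openid email
      OpenIDConfig__UsePKCE=true
    '';
  };

  services.caddy = {
    enable = true;
    # The upstream hop to the container is plain HTTP on a fixed address; it
    # must stay in sync with the --ip option on the container below.
    virtualHosts."garage.wanderingcrow.net".extraConfig = ''
      reverse_proxy http://10.88.0.8:8080
    '';
  };

  virtualisation.oci-containers = {
    backend = "podman";
    containers = {
      "lubelogger" = {
        # Pinned by tag only. A registry tag can be re-pointed, so pinning by
        # digest (ghcr.io/hargata/lubelogger@sha256:<DIGEST_PLACEHOLDER>) makes
        # the deployed image content reproducible and tamper-evident.
        image = "ghcr.io/hargata/lubelogger:v1.5.4";
        # Static container address that the Caddy reverse_proxy targets. No
        # `ports` are published, so this module does not expose the app on a
        # host port; access goes through Caddy.
        extraOptions = [
          "--ip=10.88.0.8"
        ];
        # Secrets reach the process as environment variables from the
        # sops-rendered file; anyone able to inspect the container's
        # environment can read them.
        environmentFiles = [
          config.sops.templates."lubelogger-env".path
        ];
        volumes = [
          "${volumePath}/lubelogger/data:/App/data"
          "${volumePath}/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
        ];
      };
    };
  };
}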