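# NixOS module for the Koito container (layout generated by compose2nix):
# a podman-backed OCI container, its dedicated podman network, an nginx
# TLS virtual host in front of it, and sops-managed secrets handed to the
# container through a rendered environment file.
{
  pkgs,
  lib,
  config,
  ...
}:
let
  # Host port assignments live in a sibling file.
  ports = import ./_port-definitions.nix;
in
{
  virtualisation.oci-containers.containers."koito" = {
    # NOTE(review): `latest` is a mutable tag and the name carries no registry
    # prefix, so a restart or rebuild can pull different content than the one
    # reviewed. Prefer a pinned reference such as
    # `<registry>/gabehf/koito@sha256:<digest>` (placeholders, fill in).
    image = "gabehf/koito:latest";
    environment = {
      # Same host name as the nginx virtual host defined below.
      "KOITO_ALLOWED_HOSTS" = "koito.rcia.dev";
      "KOITO_ENABLE_LBZ_RELAY" = "true";
      "KOITO_LBZ_RELAY_URL" = "https://api.listenbrainz.org/1";
    };
    # Secrets come from the sops template below, so they are not written
    # into this file or into the plain `environment` attribute set.
    environmentFiles = [ config.sops.templates."koito.env".path ];
    # Host directory mounted read-write at /etc/koito inside the container.
    volumes = [ "/mnt/hdd-01/koito:/etc/koito:rw" ];
    # Publish on loopback only. The nginx virtual host below (forceSSL) is the
    # intended entry point; publishing on every interface would also offer the
    # container's plain-HTTP port directly, and published container ports are
    # typically not covered by the host firewall's input rules.
    ports = [ "127.0.0.1:${toString ports.tcp.koito}:4110/tcp" ];
    log-driver = "journald";
    extraOptions = [
      "--network-alias=koito"
      "--network=koito_default"
    ];
  };

  systemd.services."podman-koito" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
    };
    # The container needs its podman network to exist first.
    after = [ "podman-network-koito_default.service" ];
    requires = [ "podman-network-koito_default.service" ];
    partOf = [ "podman-compose-koito-root.target" ];
    wantedBy = [ "podman-compose-koito-root.target" ];
  };

  services.nginx.virtualHosts."koito.rcia.dev" = {
    # Explicit IPv4 loopback to match the address the container port is
    # published on; `localhost` may also resolve to ::1, where nothing listens.
    locations."/".proxyPass = "http://127.0.0.1:${toString ports.tcp.koito}";
    forceSSL = true;
    useACMEHost = "rcia.dev";
  };

  sops = {
    secrets = {
      "koito/database_url" = { };
      "koito/listenbrainz_token" = { };
    };
    # Only placeholders appear in the evaluated configuration; the rendered
    # file at `config.sops.templates."koito.env".path` holds the real values.
    templates."koito.env".content = ''
      KOITO_DATABASE_URL=${config.sops.placeholder."koito/database_url"}
      KOITO_LBZ_RELAY_TOKEN=${config.sops.placeholder."koito/listenbrainz_token"}
    '';
  };

  # Networks
  systemd.services."podman-network-koito_default" = {
    path = [ pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStop = "podman network rm -f koito_default";
    };
    # Create the network only when `inspect` reports it missing.
    script = ''
      podman network inspect koito_default || podman network create koito_default
    '';
    partOf = [ "podman-compose-koito-root.target" ];
    wantedBy = [ "podman-compose-koito-root.target" ];
  };

  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."podman-compose-koito-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    # The target is ordered after, and requires, the host's PostgreSQL service.
    after = [ "postgresql.service" ];
    requires = [ "postgresql.service" ];
    wantedBy = [ "multi-user.target" ];
  };
}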