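# NixOS module: runs Koillection as an OCI container, published on a loopback
# address only, fronted by an nginx virtual host and backed by the host's
# PostgreSQL instance. The database password is supplied through a
# sops-managed environment file, so it is not written into this file.
{ config, pkgs, lib, ... }:
let
  domain = "koillection.home.feal.no";
  port = 5023;
  # Loopback endpoint shared by the container port mapping and the nginx
  # upstream, so the two cannot drift apart.
  upstream = "127.0.1.2:${toString port}";
in
{
  virtualisation.oci-containers.containers = {
    koillection = {
      # NOTE(review): the image reference has no tag or digest, so it resolves
      # to whatever the registry currently serves as the default tag. Pin a
      # release tag or an `@sha256:` digest to make deployments reproducible
      # and to review image updates before they run.
      image = "koillection/koillection";

      # Published on 127.0.1.2 only, so the container's plain-HTTP port is
      # reachable from the host (nginx) and not on external interfaces.
      ports = [ "${upstream}:80" ];

      environment = {
        APP_DEBUG = "0";
        APP_ENV = "prod";
        # The application itself serves plain HTTP. NOTE(review): the nginx
        # vhost below sets no TLS options in this file; confirm TLS is
        # terminated there (or configured elsewhere) if the site is reached
        # over an untrusted network.
        HTTPS_ENABLED = "0";

        # NOTE(review): nginx's request body limit is not set in this module;
        # confirm it is raised elsewhere if uploads near this size are expected.
        UPLOAD_MAX_FILESIZE = "512M";
        PHP_MEMORY_LIMIT = "512M";
        PHP_TZ = "Europe/Oslo";

        # Allowed CORS origins as a regular expression. Anchored at both ends
        # so only an origin that is exactly scheme://host[:port] matches; the
        # host part is derived from `domain` with its dots escaped.
        CORS_ALLOW_ORIGIN = "^https?://(localhost|${lib.escapeRegex domain})(:[0-9]+)?$";

        # Paths are relative to the application directory inside the container.
        # NOTE(review): no volumes are declared in this module, so whether the
        # JWT key pair (and uploaded files) survive container re-creation
        # cannot be determined from here; verify against the image.
        JWT_SECRET_KEY = "%kernel.project_dir%/config/jwt/private.pem";
        JWT_PUBLIC_KEY = "%kernel.project_dir%/config/jwt/public.pem";

        DB_DRIVER = "pdo_pgsql";
        DB_NAME = "koillection";
        # Resolved to the host gateway through the --add-host option below.
        DB_HOST = "host.docker.internal";
        DB_USER = "koillection";
        # DB_PASSWORD = "koillection"; # Set in sops envfile
        DB_PORT = "5432";
        DB_VERSION = "16";
      };

      # Secret values (at least DB_PASSWORD) are read from the decrypted sops
      # file at container start instead of being stored in the Nix store.
      environmentFiles = [ config.sops.secrets."koillection/envfile".path ];

      # Lets the container reach PostgreSQL on the host.
      # NOTE(review): this requires PostgreSQL to listen on the container
      # bridge address and pg_hba to admit it; neither is configured in this
      # file. Keep that rule limited to the koillection user and database.
      extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
    };
  };

  # Declares the secret with the sops-nix defaults for owner and mode.
  sops.secrets."koillection/envfile" = { };

  # Creates the database and a role of the same name that owns it.
  services.postgresql = {
    ensureDatabases = [ "koillection" ];
    ensureUsers = [
      {
        name = "koillection";
        ensureDBOwnership = true;
      }
    ];
  };

  services.nginx.virtualHosts."${domain}" = {
    locations."/".proxyPass = "http://${upstream}";
  };
}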