{ config, ... }:
let
  inherit (import ./lib.nix config) mkContainer mkMariaDbContainer havenisms;
in
{
  imports = [
    (mkMariaDbContainer {
      name = "bookstack";
      uid = config.users.users.bookstack.uid;
      gid = config.users.groups.bookstack.gid;
      directory = "/tank/bookstack/db";
      passwordSecret = "bookstack_db";
    })
  ];

  sops.secrets = {
    bookstack_app_key = {
      restartUnits = [ "${config.local.container-backend}-bookstack.service" ];
      mode = "0400";
      owner = config.users.users.bookstack.name;
    };
    bookstack_db = {
      restartUnits = [ "${config.local.container-backend}-bookstack-mariadb.service" ];
      mode = "0400";
      owner = config.users.users.bookstack.name;
    };
  };

  virtualisation.oci-containers.containers.bookstack = mkContainer {
    image = "lscr.io/linuxserver/bookstack:latest";
    hostName = "bookstack";
    port = "80";
    dependsOn = [ "bookstack-mariadb" ];
    homepageOpts = {
      group = "Apps";
      name = "Bookstack";
      icon = "bookstack.svg";
      description = "Wiki and Knowledgebase";
    };
    volumes = [
      "/tank/bookstack/app:/config"
      "${config.sops.secrets.bookstack_app_key.path}:/run/secrets/bookstack_app_key"
      "${config.sops.secrets.bookstack_db.path}:/run/secrets/bookstack_db"
    ];
    environment = {
      APP_URL = "https://bookstack.${havenisms}";
      PID = toString config.users.users.bookstack.uid;
      GID = toString config.users.groups.bookstack.gid;
      DB_HOST = "bookstack-mariadb";
      DB_USERNAME = "bookstack";
      DB_DATABASE = "bookstack";
      FILE__DB_PASSWORD = "/run/secrets/bookstack_db";
      FILE__APP_KEY = "/run/secrets/bookstack_app_key";
    };
  };
}