{ config, ... }:
let
  inherit (import ../lib.nix config) mkContainer blazestar;
in
{
  virtualisation.oci-containers.containers.chat-blazestar-net = mkContainer {
    image = "ghcr.io/matrix-construct/tuwunel";
    hostName = "chat";
    domain = blazestar;
    port = 6167;
    volumes = [
      "chat-blazestar-net-db:/var/lib/tuwunel"
    ];
    environment = {
      TUWUNEL_PORT = "6167";
      TUWUNEL_SERVER_NAME = "blazestar.net";
      TUWUNEL_ALLOW_REGISTRATION = "false";
      TUWUNEL_ALLOW_CHECK_FOR_UPDATES = "true";
      TUWUNEL_ALLOW_FEDERATION = "true";
      TUWUNEL_WELL_KNOWN = ''
        client=https://chat.blazestar.net,
        server:chat.blazestar.net:443
      '';
    };
    extraLabels = {
      "traefik.http.routers.chat-blazestar-net-well-known.rule" =
        "Host(`blazestar.net`) && PathPrefix(`.well-known`)";
      "traefik.http.services.chat-blazestar-net-well-known.loadbalancer.server.port" = "6167";
    };
  };
}