{
  lib,
  config,
  ...
}:
let
  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.maloja;
in
{
  options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    sops.secrets.maloja.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers.containers.maloja = {
      image = "krateng/maloja:3.2.4";
      ports = [ "${toString cfg.port}:${toString cfg.port}" ];
      environmentFiles = [ config.sops.secrets.maloja.path ];
      environment = {
        TZ = config.my.timeZone;
        MALOJA_TIMEZONE = "-6";
        PUID = toString config.users.users.jawz.uid;
        PGID = toString config.users.groups.users.gid;
        MALOJA_DATA_DIRECTORY = "/mljdata";
        MALOJA_SKIP_SETUP = "true";
      };
      volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
    };
  };
}