{
  lib,
  config,
  ...
}:
let
  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.linkwarden;
in
{
  options.my.servers.linkwarden = setup.mkOptions "linkwarden" "links" 3000;
  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
    sops.secrets.linkwarden.sopsFile = ../../secrets/env.yaml;
    services.linkwarden = {
      inherit (cfg) enable;
      host = cfg.ip;
      inherit (cfg) port;
      openFirewall = true;
      environment = {
        NEXTAUTH_URL = "${cfg.url}/api/v1/auth";
        NEXT_PUBLIC_KEYCLOAK_ENABLED = "true";
        OPENAI_MODEL = "gpt-4o";
        KEYCLOAK_ISSUER = "${config.my.servers.keycloak.url}/realms/homelab";
      };
      environmentFile = config.sops.secrets.linkwarden.path;
      database = {
        host = config.my.postgresSocket;
        inherit (cfg) name;
        user = cfg.name;
        createLocally = true;
      };
    };
  };
}