{ lib, config, proxyReverse, ... }:
let
  port = 9925;
  domain = "mealie.${config.my.domain}";
  url = "https://${domain}";
in {
  options.my.servers.mealie.enable = lib.mkEnableOption "enable";
  config = lib.mkIf config.my.servers.mealie.enable {
    sops.secrets.mealie.sopsFile = ../../secrets/env.yaml;
    virtualisation.oci-containers.containers.mealie = {
      autoStart = true;
      image = "ghcr.io/mealie-recipes/mealie:v1.4.0";
      ports = [ "${toString port}:9000" ];
      volumes = [ "${config.my.containerData}/mealie:/app/data/" ];
      environmentFiles = [ config.sops.secrets.mealie.path ];
      environment = {
        TZ = "America/Mexico_City";
        ALLOW_SIGNUP = "true";
        PUID = "1000";
        PGID = "100";
        MAX_WORKERS = "1";
        WEB_CONCURRENCY = "1";
        BASE_URL = url;
        SMTP_HOST = "smtp.gmail.com";
        SMTP_PORT = "587";
      };
      extraOptions = [
        "--memory=1g" # VA-API (omit for NVENC)
      ];
      labels = {
        "flame.type" = "application";
        "flame.name" = "Mealie";
        "flame.url" = url;
        "flame.icon" = "fridge";
      };
    };
    services.nginx = {
      enable = true;
      virtualHosts."${domain}" = proxyReverse port // { };
    };
  };
}