{ lib, config, ... }:
let
  cfg = config.my.servers.stash;
  setup = import ./setup.nix { inherit lib config; };
in
{
  options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999;
  config = {
    sops.secrets = lib.mkIf cfg.enable {
      "stash/password".sopsFile = ../../secrets/env.yaml;
      "stash/jwt".sopsFile = ../../secrets/env.yaml;
      "stash/session".sopsFile = ../../secrets/env.yaml;
    };
    services.stash = lib.mkIf cfg.enable {
      enable = true;
      group = "piracy";
      mutableSettings = true;
      username = "Suing8150";
      passwordFile = config.sops.secrets."stash/password".path;
      jwtSecretKeyFile = config.sops.secrets."stash/jwt".path;
      sessionStoreKeyFile = config.sops.secrets."stash/session".path;
      settings = {
        inherit (cfg) port;
        host = "0.0.0.0";
        stash = [
          {
            path = "/srv/pool/glue/";
          }
        ];
      };
    };
  };
}