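# NixOS module for a single-host CuroMD deployment. It configures:
#   * the host firewall (TCP 3000 for the app, UDP 5353 for mDNS),
#   * a single-node CouchDB 3 instance on the host,
#   * a oneshot unit that logs the container runtime into registry.curo.sk,
#   * a unit that announces the server over Bonjour,
#   * the `curomd` OCI container itself.
#
# NOTE(review): every credential below is a literal in this file. Values that
# end up in generated unit scripts or config files are stored in /nix/store,
# which is readable by all local users, and they are also kept in version
# control. Rotate them and load them from root-only files outside the store.
{ config, pkgs, ... }:

let
  # Container runtime selected for oci-containers ("docker" or "podman").
  backend = config.virtualisation.oci-containers.backend;

  # oci-containers names its systemd units "<backend>-<container>.service", so
  # derive the name instead of hard-coding the docker variant.
  curomdUnit = "${backend}-curomd.service";

  # NOTE(review): default admin:admin credentials embedded in the URL. The URL
  # is handed to the container as an environment variable, so anyone who can
  # inspect the container or read the generated unit can see it.
  dbUrl = "http://admin:admin@host.containers.internal:5984";
  instID = "00000";
in
{
  networking.firewall = {
    allowedTCPPorts = [ 3000 ]; # 5984 for CouchDB
    allowedUDPPorts = [ 5353 ];
    # Traffic arriving on a trusted interface bypasses the firewall entirely,
    # so every container on the bridge can reach every host port, including
    # CouchDB on 5984.
    trustedInterfaces =
      if backend == "docker"
      then [ "docker0" ]
      else [ "cni-podman0" ];
  };
  # Leave this disabled: CouchDB binds to 0.0.0.0 with admin/admin, and the
  # firewall is the only thing keeping port 5984 off the LAN.
  # networking.firewall.enable = false;

  services = {
    couchdb = {
      enable = true;
      package = pkgs.couchdb3;
      # NOTE(review): default admin credentials; change them together with dbUrl.
      adminUser = "admin";
      adminPass = "admin";
      # Listens on all interfaces so the container can reach it through the
      # bridge. NOTE(review): binding to the bridge address only would remove
      # the dependency on the firewall staying enabled — confirm the address.
      bindAddress = "0.0.0.0";
      # databaseDir = "";
      extraConfig = ''
        [couchdb]
        single_node = true
        [log]
        level = warn
      '';
    };
  };

  systemd.services.init-podman-curo-registry = {
    description = "Login to Curo private Docker registry.";
    # A registry login needs working connectivity; network.target alone does
    # not guarantee that, so wait for network-online.target instead.
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    # Order the login ahead of the container so the image pull is authenticated.
    before = [ curomdUnit ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig.Type = "oneshot";
    # https://www.breakds.org/post/declarative-docker-in-nixos/
    script =
      let
        dockercli =
          if backend == "docker"
          then "${config.virtualisation.docker.package}/bin/docker"
          else "${config.virtualisation.podman.package}/bin/podman";
      in
      ''
        # Feed the password over stdin rather than -p so it does not appear in
        # the process list. NOTE(review): it is still a literal in this script,
        # which lives in the Nix store; move it to a root-only file (see the
        # commented-out login.passwordFile option on the container below).
        printf '%s' "curo123" | ${dockercli} login -u curo --password-stdin registry.curo.sk
      '';
  };

  systemd.services.curomd-announce = {
    description = "Announces the CuroMD server to network over Bonjour protocol.";
    after = [ "network.target" ];
    # Follow the container unit of whichever backend is configured.
    bindsTo = [ curomdUnit ];
    wantedBy = [ "multi-user.target" curomdUnit ];
    serviceConfig = {
      Type = "simple";
      # NOTE(review): no User= is set, so this runs as root by default, and the
      # binary lives outside the Nix store. Confirm /opt/curo is writable by
      # root only.
      ExecStart = "/opt/curo/announce-md";
      # Restart = "on-failure";
      # RestartSec = 15;
    };
  };

  virtualisation.oci-containers.containers = {
    curomd = {
      # TODO https://nixos.org/manual/nixos/stable/options.html#opt-virtualisation.oci-containers.containers._name_.login.passwordFile
      autoStart = true;
      # https://nixos.org/manual/nixos/stable/options.html#opt-virtualisation.oci-containers.containers._name_.ports
      ports = [ "3000:3000" ]; # "5353:5353/udp"
      # NOTE(review): ":stable" is a mutable tag, so the image content can
      # change between pulls; pinning by digest makes deployments reproducible.
      image = "registry.curo.sk/curomd:stable";
      # cmd = [ "/bin/bash" "-c" "--" "while true; do sleep 30; done;" ];
      # login = {
      #   registry = "https://registry.curo.sk";
      #   username = "curo";
      #   passwordFile = "/etc/nixos/curoregistry-password.txt";
      # };
      environment = {
        "CURO_DB_REMOTE" = "${dbUrl}";
        "CURO_BACKUP_FORCE" = "2";
        "CURO_DB_PREFIX" = "a${instID}";
        "CURO_MD_UPDATER_CHANNEL" = "local";
        "CURO_DASTA_PZS" = "xxx";
        "NODE_ENV" = "production";
        "CURO_DEV" = "0";
        "CURO_MONITORING" = "1";
      };
      volumes = [ "/var/lib/curo-a${instID}:/var/lib/curo" ];
      # Docker does not define host.containers.internal itself, so map it to
      # the host gateway; the podman branch adds nothing.
      extraOptions =
        if backend == "docker"
        then [ "--add-host=host.containers.internal:host-gateway" ]
        else [ ];
    };
  };
}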