{ secrets, config, ... }:
let
  inherit (config.modules.server) containerEngine;
in
{
  virtualisation = {
    containers.enable = true;

    docker = {
      enable = containerEngine == "docker";

      daemon.settings = {
        iptables = false;
      };
    };

    podman = {
      enable = containerEngine == "podman";
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };

    oci-containers = {
      backend = containerEngine;

      containers = {
        september = {
          image = "fuwn/september";
          autoStart = true;
          ports = [ "8084:80" ];

          environment = {
            CONDENSE_LINKS_AT_HEADINGS = "## Quick Links,# Fuwn[.me],## Footer";
            EMBED_IMAGES = "2";
            MATHJAX = "true";
            PLAIN_TEXT_ROUTE = "*.xml,*.txt";
            PRIMARY_COLOUR = "#DCC6BD";

            HEAD = ''
              <script
                defer src="https://analytics.fuwn.me/script.js"
                data-website-id="e7eae941-140b-48af-b36b-d7c5fea3a493"
              ></script>

              <link
                rel="icon"
                type="image/x-icon"
                href="https://avatars.githubusercontent.com/u/99055925?s=200&v=4"
              >
            '';
          };
        };

        momoka = {
          image = "fuwn/momoka";
          autoStart = true;
          ports = [ "70:70" ];
        };

        gigi = {
          image = "fuwn/gigi";
          autoStart = true;
          ports = [ "79:79" ];
          volumes = [ "/mnt/docker/gigi:/gigi/.gigi" ];
        };

        mayu = {
          image = "fuwn/mayu";
          autoStart = true;
          ports = [ "8098:3000" ];
          volumes = [ "/mnt/docker/mayu:/mayu/data" ];
        };

        locus = {
          image = "ghcr.io/gemrest/locus";
          autoStart = true;
          ports = [ "1965:1965" ];
          volumes = [ "/mnt/docker/locus:/locus/.locus" ];
          environment.HEADER_IMAGE = "https://ruu.neocities.org/images/animeHeader.gif";
          environmentFiles = [ config.sops.secrets.finnhub_token.path ];

          login = {
            registry = "ghcr.io";
            username = config.sops.secrets."ghcr/user".path;
            passwordFile = config.sops.secrets."ghcr/password".path;
          };
        };

        bin = {
          image = "quxfoo/wastebin";
          autoStart = true;
          ports = [ "8090:8088" ];
          volumes = [ "/mnt/docker/bin:/root/db" ];
        };

        pounce = {
          image = "fuwn/pounce";
          autoStart = true;
          ports = [ "6697:6697" ];
          volumes = [ "/mnt/docker/pounce:/root/.config/pounce" ];
          environment.USER = "fuwn";
        };

        litterbox = {
          image = "fuwn/litterbox";
          autoStart = true;
          volumes = [ "/mnt/docker/litterbox:/root/.config/litterbox" ];
        };

        uptime-kuma = {
          image = "louislam/uptime-kuma";
          autoStart = true;
          ports = [ "8099:3001" ];
          volumes = [ "/mnt/docker/uptime-kuma:/app/data" ];
        };

        # beszel = {
        #   image = "henrygd/beszel";
        #   autoStart = true;
        #   ports = [ "8083:8090" ];
        #   volumes = [ "/mnt/docker/beszel:/beszel_data" ];
        # };

        # beszel-agent = {
        #   image = "henrygd/beszel-agent";
        #   autoStart = true;
        #   ports = [ "45876:45876" ];
        #   volumes = [ "/var/run/docker.sock:/var/run/docker.sock:ro" ];
        #   extraOptions = [ "--network=host" ];

        #   environment = {
        #     PORT = "45876";
        #     KEY = "ssh-ed25519 ${secrets.beszel_agent_public_key}";
        #   };
        # };
      };
    };
  };
}