{ config, ... }:
let
  port = 1965;
in
{
  networking.firewall.allowedTCPPorts = [
    port
  ];

  virtualisation.oci-containers.containers.locus = {
    inherit (config.modules.containers) extraOptions;

    image = "ghcr.io/gemrest/locus:2025.05.27";
    autoStart = true;
    volumes = [ "/mnt/docker/locus:/locus/.locus" ];
    environment.HEADER_IMAGE = "https://ruu.neocities.org/images/animeHeader.gif";
    environmentFiles = [ config.sops.secrets.finnhub_token.path ];

    ports =
      let
        portString = toString port;
      in
      [ "${portString}:${portString}" ];

    login = {
      registry = "ghcr.io";
      username = config.sops.secrets."ghcr/user".path;
      passwordFile = config.sops.secrets."ghcr/password".path;
    };
  };
}