{ config, pkgs, lib, ... }:

with lib;

let
  # Container config
  name = "jellyfin";
  # Version tagging
  jellyfinVersion = "10.11.6";
  # Helper
  helper = import ../service-helper.nix { inherit config pkgs lib; };
  cfg = config.numbus-server.services.jellyfin;
in

helper.mkPodmanService {
  inherit name;
  description = "Jellyfin : A self-hosted media server to stream your movies and music";
  defaultPort = "8096";
  scheme = "https"; #TODO CHECK
  middlewares = [
    "secureHeaders"
  ];
  dirPermissions = [
    "100999:100 ${cfg.dataDir}"
    "100999:100 ${cfg.configDir}"
    "100999:100 ${cfg.dataDir}/media"
    "100999:100 ${cfg.dataDir}/fonts"
    "100999:100 ${cfg.configDir}/cache"
    "100999:100 ${cfg.configDir}/config"
  ];

  composeText = ''
    services:
      jellyfin:
        image: docker.io/jellyfin/jellyfin:${jellyfinVersion}
        container_name: jellyfin
        hostname: jellyfin
        user: '1000:1000'
        networks:
          jellyfin:
            ipv4_address: 10.89.190.253
        ports:
          - "${cfg.port}:8096/tcp"
        volumes:
          - ${cfg.configDir}/config:/config
          - ${cfg.configDir}/cache:/cache
          - type: bind
            source: ${cfg.dataDir}/media
            target: /media
          - type: bind
            source: ${cfg.dataDir}/fonts
            target: /usr/local/share/fonts/custom
            read_only: true
        cap_drop:
          - NET_RAW
        security_opt:
          - no-new-privileges:true
        restart: unless-stopped

    networks:
      jellyfin:
        driver: bridge
        name: jellyfin
        ipam:
          config:
            - subnet: "10.89.190.0/24"
              gateway: "10.89.190.254"
  '';
}