{ config, pkgs, lib, ... }:

with lib;

let
  # Container config
  name = "ntfy";
  # Version tagging
  ntfyVersion = "v2.18.0";
  # Helper
  helper = import ../service-helper.nix { inherit config pkgs lib; };
  cfg = config.numbus-server.services.ntfy;
in

helper.mkPodmanService {
  inherit name;
  description = "Ntfy, get notified easily";
  defaultPort = "8099";
  middlewares = [
    "secureHeaders"
  ];
  dirPermissions = [
    "100999:100 ${cfg.configDir}"
    "100999:100 ${cfg.configDir}/cache"
    "100999:100 ${cfg.configDir}/config"
  ];

  composeText = ''
    services:
      ntfy:
        image: docker.io/binwiederhier/ntfy
        container_name: ntfy
        hostname: ntfy
        user: "1000:1000"
        networks:
          ntfy:
            ipv4_address: 10.89.150.253
        ports:
          - "${cfg.port}:80/tcp"
        command:
          - serve
        volumes:
          - ${cfg.config}/cache:/var/cache/ntfy
          - ${cfg.config}/config:/etc/ntfy
        environment:
          - TZ=${time.timeZone}
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped

    networks:
      ntfy:
        driver: bridge
        name: ntfy
        ipam:
          config:
            - subnet: "10.89.150.0/24"
              gateway: "10.89.150.254"
  '';
}