{ config, lib, ... }:

with lib;

let
  cfg = config.settings.containers.beszel;
in {
  options = {
    settings.containers.beszel.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Enable Beszel container
      '';
    };
  };

  config = mkIf cfg.enable {
    settings.services.sops.enable = true;

    services.podman.containers.beszel = {
      image = "henrygd/beszel:latest";
      network = "proxy";
      volumes = [
        "%h/containers/beszel/data:/beszel_data" 
        "%h/containers/beszel/socket:/beszel_socket" 
      ];
      environment = {
        DISABLE_PASSWORD_AUTH = false;
        USER_CREATION = true;
      };
    };

    services.podman.containers.beszel-agent = {
      image = "henrygd/beszel-agent:latest";
      network = "proxy";
      volumes = [
        "%h/containers/beszel/socket:/beszel_socket" 
        "/run/user/1000/podman/podman.sock:/var/run/podman.sock:ro"

        "${config.sops.secrets."containers/beszel/key".path}:/run/secrets/key" 
      ];
      environment = {
        LISTEN = "/beszel_socket/beszel.sock";
        KEY_FILE = "/run/secrets/key";
      };
    };

    sops.secrets = {
      "containers/beszel/key" = { };
    };
  };
}