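# NixOS module: runs Livebook as an OCI container via
# `virtualisation.oci-containers`.
#
# Options (under `eboskma.livebook`):
#   enable      - turn the container on; also sets `eboskma.podman.enable`.
#   dataDir     - host path bind-mounted at /data inside the container.
#   userMapping - value passed verbatim to the runtime's `--user` option.
#
# Secrets: the module reads `config.sops.secrets.livebook-password.path` and a
# hard-coded `/run/secrets/livebook_cookie`. Neither secret is declared in this
# file, so both have to be provided elsewhere in the system configuration.
{ config, lib, ... }:
let
  # Explicit inherit instead of `with lib;` so every library name used below
  # is visible at a glance and cannot be shadowed by accident.
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.eboskma.livebook;
in
{
  options.eboskma.livebook = {
    # mkEnableOption prepends "Whether to enable " to its argument, so the
    # argument is written as a noun phrase.
    enable = mkEnableOption "the Livebook container";
    dataDir = mkOption {
      description = "Livebook data directory";
      type = types.path;
    };
    userMapping = mkOption {
      description = "User to run the container as";
      type = types.str;
    };
  };

  config = mkIf cfg.enable {
    eboskma.podman.enable = true;

    virtualisation.oci-containers.containers = {
      livebook = {
        autoStart = true;

        # NOTE(review): the image name carries no registry, tag or digest, and
        # "--pull=always" below re-fetches it on every start. Whatever is
        # currently published under that name runs with access to dataDir and
        # the mounted secrets. Prefer a fully qualified, reviewed reference
        # (e.g. "<registry>/livebook/livebook@sha256:<digest>") that is bumped
        # deliberately.
        image = "livebook/livebook";

        # Environment file supplied by sops-nix; presumably carries the
        # Livebook password variable - confirm against the secret's contents.
        environmentFiles = [ config.sops.secrets.livebook-password.path ];

        # NOTE(review): no host address is given, so both ports are published
        # on every host interface. Livebook executes notebook code, so if it is
        # only meant to be reached through a local reverse proxy, bind to
        # loopback instead ("127.0.0.1:8080:8080") - confirm how it is accessed.
        ports = [
          "8080:8080"
          "8081:8081"
        ];

        volumes = [
          "${cfg.dataDir}:/data"
          # Presumably the Erlang release cookie - confirm.
          # NOTE(review): the host path is hard-coded, unlike the password
          # above; referencing it through config.sops.secrets.<name>.path would
          # make a missing declaration fail at evaluation time. The mount is
          # also read-write; a ":ro" suffix would keep the container from
          # modifying the host secret if Livebook only reads it - confirm.
          "/run/secrets/livebook_cookie:/app/releases/COOKIE"
        ];

        extraOptions = [
          "--pull=always"
          # Run the container process as the configured user rather than the
          # image default.
          "--user=${cfg.userMapping}"
        ];
      };
    };
  };
}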