{
  config,
  pkgs,
  inputs,
  lib,
  ...
}: let
  port = 8081;
  domain = "fossil.cyplo.dev";
  baseurl = "https://${domain}";
  path = "/var/lib/fossil";
in {
  imports = [../nginx.nix];

  services.nginx = {
    virtualHosts = {
      "${domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {proxyPass = "http://localhost:" + toString port;};
      };
    };
  };

  containers.fossil = {
    autoStart = true;
    forwardPorts = [
      {
        containerPort = port;
        hostPort = port;
      }
    ];
    bindMounts = {
      "${path}" = {
        hostPath = "${path}";
        isReadOnly = false;
      };
    };
    config = {
      config,
      pkgs,
      ...
    }: let
      user = "fossil";
      group = "fossil";
    in {
      system.stateVersion = "22.05";
      environment.systemPackages = [pkgs.fossil];
      users.groups = {"${group}" = {};};
      users.users = {
        fossil = {
          inherit group;
          description = "Fossil Service";
          home = path;
          useDefaultShell = true;
          isSystemUser = true;
        };
      };

      systemd.tmpfiles.rules = ["d '${path}' 0770 ${user} ${group} - -"];
      systemd.services.fossil = {
        description = "fossil server";
        after = ["network-online.target"];
        wantedBy = ["multi-user.target"];
        path = [pkgs.fossil pkgs.git];

        serviceConfig = {
          User = user;
          Group = group;
          WorkingDirectory = path;
          ReadWritePaths = [path];
          ExecStart =
            "${pkgs.fossil}/bin/fossil server"
            + " --localhost"
            + " --https"
            + " --port ${toString port}"
            + " --baseurl ${baseurl}"
            + " --repolist ${path}";
          Restart = "always";
          RestartSec = 3;
        };
      };
    };
  };
}