{ ... }:

let
  jellyseerrPort = 5055;
  dataDir = "/var/lib/private/jellyseerr";
  settings = import ../settings.nix;
in
{
  containers.jellyseerr = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = settings.hostAddress;
    localAddress = "10.0.1.52";
    hostAddress6 = "fc00::1";
    localAddress6 = "fc00::4";

    bindMounts = {
      ${dataDir} = {
        hostPath = "/media/nas/ssd/nix-app-data/jellyseerr";
        isReadOnly = false;
      };
    };

    config =
      {
        lib,
        ...
      }:
      {
        # Enable jellyseerr service
        services.jellyseerr = {
          enable = true;
          port = jellyseerrPort;
          # package = package;
          openFirewall = true;
        };

        networking = {
          firewall = {
            enable = true;
            allowedTCPPorts = [ jellyseerrPort ];
          };
          # Use systemd-resolved inside the container
          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
          useHostResolvConf = lib.mkForce false;
        };

        # Create and set permissions for required directories
        system.activationScripts.jellyseerr-dirs = ''
          mkdir -p /var/lib/private/jellyseerr

          chown -R jellyseerr:jellyseerr /var/lib/private/jellyseerr

          chmod -R 775 /var/lib/private/jellyseerr

          ln -sf /var/lib/private/jellyseerr /var/lib/jellyfin

        '';

        services.resolved.enable = true;
        system.stateVersion = "23.11";
      };
  };

  networking.nat = {
    forwardPorts = [
      {
        destination = "10.0.1.52:5055";
        sourcePort = jellyseerrPort;
      }
    ];
  };
}