{
  config,
  pkgs,
  lib,
  namespace,
  ...
}:
with lib;
let
  name = "actual";
  cfg = config.${namespace}.services.${name};

  actualConfig = lib.${namespace}.mkModule {
    inherit config name;
    description = "Actual Personal Finance Planner";
    options = { };
    moduleConfig = {
      services.actual = {
        enable = true;
        openFirewall = cfg.openFirewall;
        settings = {
          trustedProxies = [ config.${namespace}.network.ipv4.address ];
          port = cfg.port;
          serverFiles = "${cfg.configDir}/${name}/server-files";
          userFiles = "${cfg.configDir}/${name}/user-files";
          dataDir = "${cfg.configDir}/${name}";
        };
      };

      systemd.services = lib.mkIf cfg.createUser {
        actual = {
          environment.ACTUAL_CONFIG_PATH = lib.mkForce "/run/actual/config.json";
          serviceConfig = {
            ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config /run/actual/config.json";
            WorkingDirectory = lib.mkForce "${cfg.configDir}/${name}";
            StateDirectoryMode = lib.mkForce 700;
            DynamicUser = lib.mkForce false;
            ProtectSystem = lib.mkForce "full";
          };
        };
      };
    };
  };
in
{
  imports = [ actualConfig ];
}