{ lib, config, ... }:
with lib;
let
  cfg = config.nas-apps.open-webui;
in
{
  imports = [ ./options.nix ];

  config = mkIf cfg.enable {

    virtualisation.oci-containers.containers.${cfg.name} = {
      autoStart = true;
      image = cfg.image;
      extraOptions = [ "--device=nvidia.com/gpu=0" ];
      volumes = [
        "${cfg.configPath}:/app/backend/data"
        "${cfg.ollamaPath}:/root/.ollama"
      ];
      ports = [ "${cfg.port}:8080" ];
      environment = {
        NVIDIA_VISIBLE_DEVICES = "all";
        NVIDIA_DRIVER_CAPABILITIES = "all";
        PUID = cfg.puid;
        PGID = cfg.pgid;
        TZ = cfg.timeZone;
        OAUTH_CLIENT_ID = "P4YrtPrdwoQkwYs4e5AHQx7xiz4FV6OpT24rjqXa";
        OAUTH_CLIENT_SECRET = "XpZ1Y9RUMD6FVxBSxg8evHkRYuSUJ3saN99uCFfeNo4Z8vrmnqZBHJQzSSCFig1fgqEYCr3SmcOvCHGHUsz9FJT2aZFlZxKv6bZZpuMQYASHiQtuX2pTVEspiNab3129";
        OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";
        OPENID_PROVIDER_NAME = "authentik";
        ENABLE_OAUTH_SIGNUP = "true";
        OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "true";
      };
    };
  };
}