{ ... }:
let
  hostAddress = "10.0.1.3";
  localAddress = "10.0.5.18";
  hassPort = 8192;
in
{
  containers.homeassistant = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = hostAddress;
    localAddress = localAddress;

    config = { lib, ... }:
      {
        imports = [ ../homeassistant/homeassistant.nix ];

        networking = {
          firewall = {
            enable = true;
            allowedTCPPorts = [ hassPort ];
          };
          # Use systemd-resolved inside the container
          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
          useHostResolvConf = lib.mkForce false;
        };

        # Create and set permissions for required directories
        system.activationScripts.gitea-dirs = ''
          mkdir -p /var/lib/gitea
          chown -R gitea:gitea /var/lib/gitea
          chmod -R 775 /var/lib/gitea
          mkdir -p /run/secrets/jallen-nas
          chown -R gitea:gitea /run/secrets/jallen-nas
          chmod -R 775 /run/secrets/jallen-nas
        '';

        services.resolved.enable = true;
        system.stateVersion = "23.11";
      };
  };

  networking.nat = {
    forwardPorts = [
      {
        destination = "${localAddress}:${toString hassPort}";
        sourcePort = hassPort;
      }
    ];
  };
}