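# NixOS module: runs ownCloud Infinite Scale (oCIS) as an OCI container.
#
# The systemd unit is addressed as "podman-<name>", so the module assumes the
# podman backend of virtualisation.oci-containers.
#
# Security notes for reviewers:
#   * Everything under `environment` is rendered into the Nix store, which is
#     world-readable on the host and copied to any binary cache or remote
#     builder the closure reaches. Secrets belong in `environmentFiles`.
#   * The fallback credentials below are committed in source and shared by
#     four different secrets; treat them as already disclosed and rotate them.
{ lib, config, namespace, ... }:
with lib;
let
  cfg = config.${namespace}.services.ocis;
  net = lib.${namespace}.network;

  # Legacy credentials, kept only so existing deployments keep evaluating to
  # the same container. They are applied ONLY when no environment file is
  # configured (see `environmentFiles`). One value is reused for the admin
  # password, the LDAP bind password, the OIDC client secret and the IDM
  # admin password, so a single leak exposes all four.
  fallbackSecrets = {
    OCIS_ADMIN_PASSWORD = "BogieDudie1";
    OCIS_LDAP_BIND_PASSWORD = "BogieDudie1";
    PROXY_OIDC_CLIENT_SECRET = "BogieDudie1";
    IDM_ADMIN_PASSWORD = "BogieDudie1";
  };

  # True while the module still falls back to the in-store credentials.
  usesFallbackSecrets = cfg.environmentFiles == [ ];
in
{
  options.${namespace}.services.ocis = {
    enable = mkEnableOption "ownCloud Infinite Scale docker service";

    autoStart = mkOption {
      type = types.bool;
      default = true;
      description = "Passed through to the container's autoStart setting.";
    };

    httpPort = mkOption {
      type = types.str;
      default = "9988";
      description = ''
        Host port published for the container's port 9200. No bind address
        is given, so the port is published on every host interface; restrict
        it with the firewall if it should only be reachable via a proxy.
      '';
    };

    name = mkOption {
      type = types.str;
      default = "ocis";
      description = "Container name; also used in the podman-<name> unit name.";
    };

    image = mkOption {
      type = types.str;
      default = "owncloud/ocis";
      # NOTE(review): no tag or digest is given, so the runtime resolves the
      # image to whatever the registry currently serves. Pinning a version tag
      # or a sha256 digest makes upgrades explicit and reviewable.
      description = "Container image reference.";
    };

    dataPath = mkOption {
      type = types.str;
      default = "/var/lib/ocis";
      description = "Host path mounted at /var/lib/ocis in the container.";
    };

    configPath = mkOption {
      type = types.str;
      default = "/var/lib/ocis/config";
      description = "Host path mounted at /etc/ocis in the container.";
    };

    puid = mkOption {
      type = types.str;
      default = "911";
      # NOTE(review): only exported as the PUID variable; whether this image
      # honours it is not visible from this module -- confirm.
      description = "Value of the PUID environment variable.";
    };

    pgid = mkOption {
      type = types.str;
      default = "1000";
      # NOTE(review): same caveat as puid -- confirm the image reads PGID.
      description = "Value of the PGID environment variable.";
    };

    timeZone = mkOption {
      type = types.str;
      default = "America/Chicago";
      description = "Value of the TZ environment variable.";
    };

    environmentFiles = mkOption {
      type = types.listOf types.path;
      default = [ ];
      example = [ "/run/secrets/ocis.env" ];
      description = ''
        Environment files handed to the container runtime at start-up.
        Use absolute paths that live outside the Nix store (for example
        files provisioned by a secrets manager) and restrict them to root.

        The files should define OCIS_ADMIN_PASSWORD, OCIS_LDAP_BIND_PASSWORD,
        PROXY_OIDC_CLIENT_SECRET and IDM_ADMIN_PASSWORD, each with its own
        value. When this list is non-empty the module no longer writes its
        built-in fallback credentials into the container environment.
      '';
    };
  };

  config = mkIf cfg.enable {
    # Surface the insecure default at evaluation time without breaking
    # deployments that have not migrated yet.
    warnings = optional usesFallbackSecrets ''
      ${namespace}.services.ocis: no environmentFiles configured; falling back
      to credentials that are hard-coded in the module and stored in the
      world-readable Nix store. Set environmentFiles and rotate the secrets.
    '';

    # Do not start the container before the bind-mounted paths are available.
    systemd.services."podman-${cfg.name}".unitConfig.RequiresMountsFor = [
      cfg.configPath
      cfg.dataPath
    ];

    virtualisation.oci-containers.containers."${cfg.name}" = {
      inherit (cfg) autoStart image;

      ports = [ "${cfg.httpPort}:9200" ];

      volumes = [
        "${cfg.configPath}:/etc/ocis"
        "${cfg.dataPath}:/var/lib/ocis"
      ];

      # Secrets are expected here; see the option description.
      environmentFiles = cfg.environmentFiles;

      environment = {
        # NOTE(review): this relaxes TLS certificate checks inside oCIS.
        # Acceptable only while every hop is on a trusted network; prefer a
        # trusted certificate and dropping this setting.
        OCIS_INSECURE = "true";

        # Listen address inside the container; host exposure is governed by
        # `ports` above.
        PROXY_HTTP_ADDR = "0.0.0.0:9200";

        # NOTE(review): the public URL uses the port registered for
        # "nextcloud" in the network table -- confirm this is intentional.
        OCIS_URL = "https://${net.hosts.nas.lan}:${toString net.ports.nas.nextcloud}";

        PUID = cfg.puid;
        PGID = cfg.pgid;
        TZ = cfg.timeZone;
      }
      # Explicit environment entries would shadow values from an env file, so
      # the legacy credentials are added only when no file is configured.
      // optionalAttrs usesFallbackSecrets fallbackSecrets;
    };
  };
}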