{
  config,
  lib,
  namespace,
  ...
}:
let
  inherit (lib.${namespace}) mkContainerService mkSopsEnvFile;

  serverName = "sparky-fitness-server";
  frontendName = "sparky-fitness";

  serverCfg = config.${namespace}.services.${serverName};
  frontendCfg = config.${namespace}.services.${frontendName};
in
{
  imports = [
    # Sops env-file for sparky-fitness-server secrets
    {
      config = lib.mkIf serverCfg.enable (mkSopsEnvFile {
        name = "sparky-fitness-server.env";
        restartUnit = "podman-sparky-fitness-server.service";
        secrets = {
          "jallen-nas/sparky-fitness/db-password" = { };
          "jallen-nas/sparky-fitness/api-encryption-key" = { };
          "jallen-nas/sparky-fitness/auth-secret" = { };
        };
        content = ''
          SPARKY_FITNESS_DB_PASSWORD=${config.sops.placeholder."jallen-nas/sparky-fitness/db-password"}
          SPARKY_FITNESS_APP_DB_PASSWORD=${config.sops.placeholder."jallen-nas/sparky-fitness/db-password"}
          SPARKY_FITNESS_API_ENCRYPTION_KEY=${
            config.sops.placeholder."jallen-nas/sparky-fitness/api-encryption-key"
          }
          BETTER_AUTH_SECRET=${config.sops.placeholder."jallen-nas/sparky-fitness/auth-secret"}
        '';
      });
    }

    (mkContainerService {
      inherit config;
      name = serverName;
      image = "codewithcj/sparkyfitness_server";
      internalPort = 3010;
      volumes = [
        "${serverCfg.configDir}/sparky-fitness/server/backup:/app/SparkyFitnessServer/backup"
        "${serverCfg.configDir}/sparky-fitness/server/uploads:/app/SparkyFitnessServer/uploads"
      ];
      environmentFiles = [ config.sops.templates."sparky-fitness-server.env".path ];
      environment = {
        SPARKY_FITNESS_LOG_LEVEL = "0";
        ALLOW_PRIVATE_NETWORK_CORS = "false";
        SPARKY_FITNESS_DB_USER = "sparkyfitness";
        SPARKY_FITNESS_DB_HOST = "10.0.1.3";
        SPARKY_FITNESS_DB_NAME = "sparkyfitness";
        SPARKY_FITNESS_APP_DB_USER = "sparkyfitness";
        SPARKY_FITNESS_DB_PORT = "5432";
        SPARKY_FITNESS_FRONTEND_URL = "https://sparky.mjallen.dev";
        SPARKY_FITNESS_DISABLE_SIGNUP = "true";
        SPARKY_FITNESS_ADMIN_EMAIL = "jalle008@proton.me";
        SPARKY_FITNESS_FORCE_EMAIL_LOGIN = "true";
        SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS = "http://10.0.1.3:${toString serverCfg.port}";
        SPARKY_FITNESS_OIDC_AUTH_ENABLED = "true";
      };
    })

    (mkContainerService {
      inherit config;
      name = frontendName;
      image = "codewithcj/sparkyfitness";
      internalPort = 80;
      environment = {
        SPARKY_FITNESS_FRONTEND_URL = "http://10.0.1.3:${toString frontendCfg.port}";
        SPARKY_FITNESS_SERVER_HOST = "10.0.1.3";
        SPARKY_FITNESS_SERVER_PORT = "${toString serverCfg.port}";
      };
    })
  ];
}