{
  lib,
  config,
  namespace,
  ...
}:
let
  cfg = config.${namespace}.services.manyfold;
in
{
  imports = [
    (lib.${namespace}.mkContainerService {
      inherit config;
      name = "manyfold";
      image = "ghcr.io/manyfold3d/manyfold-solo";
      internalPort = 3214;
      extraOptions = [
        "--cap-drop=ALL"
        "--cap-add=CHOWN"
        "--cap-add=DAC_OVERRIDE"
        "--cap-add=SETUID"
        "--cap-add=SETGID"
        "--security-opt=no-new-privileges:true"
      ];
      volumes = [
        "${cfg.configDir}/manyfold:/config"
        "${cfg.dataDir}/documents/3d-models:/libraries"
      ];
      environmentFiles = [ config.sops.secrets."jallen-nas/manyfold/secretkeybase".path ];
    })
  ];
}