{ dream2nix, ... }:
let
  hostAddress = "10.0.1.4";
  localAddress = "10.0.4.2";
  hassPort = 8123;
in
{
  containers.homeassistant = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = hostAddress;
    localAddress = localAddress;

    bindMounts = {
      "/var/lib/homeassistant" = {
        hostPath = "/var/lib/homeassistant";
        isReadOnly = false; 
      };
      USB0 = {
        hostPath = "/dev/ttyUSB0";
        mountPoint = "/dev/ttyUSB0";
        isReadOnly = false;
      };
    };

    config = { lib, ... }:
      {
        imports = [ 
          ./homeassistant.nix
        ];

        networking = {
          firewall = {
            enable = true;
            allowedTCPPorts = [ hassPort ];
          };
          # Use systemd-resolved inside the container
          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
          useHostResolvConf = lib.mkForce false;
        };

        # Create and set permissions for required directories
        system.activationScripts.hass-dirs = ''
          mkdir -p /var/lib/homeassistant
          chown -R homeassistant:homeassistant /var/lib/homeassistat
          chmod -R 775 /var/lib/homeassistant
        '';

        services.resolved.enable = true;
        system.stateVersion = "23.11";
      };
  };

  networking.nat = {
    forwardPorts = [
      {
        destination = "${localAddress}:${toString hassPort}";
        sourcePort = hassPort;
      }
    ];
  };
}