{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  inherit (lib.${namespace}) mkOpt;
  name = "netbootxyz";
  cfg = config.${namespace}.services.${name};

  netbootxyzConfig = lib.${namespace}.mkModule {
    inherit config name;
    description = "netbootxyz";
    options = {
      assetPort = mkOpt types.port 4001 "NGINX server for hosting assets.";

      tftpPort = mkOpt types.port 69 "HTTPS port for netbootxyz";
    };
    moduleConfig = {
      # Open firewall for netbootxyz if enabled
      networking.firewall = mkIf cfg.openFirewall {
        allowedTCPPorts = [
          cfg.assetPort
          cfg.tftpPort
        ];
        allowedUDPPorts = [
          cfg.assetPort
          cfg.tftpPort
        ];
      };

      virtualisation.oci-containers = {
        containers.netbootxyz = {
          autoStart = true;
          image = "ghcr.io/netbootxyz/netbootxyz:latest";
          ports = [
            "${toString cfg.port}:3000"
            "${toString cfg.assetPort}:80"
            "${toString cfg.tftpPort}:69"
          ];
          volumes = [
            "${cfg.configDir}/netbootxyz:/config"
            "${cfg.dataDir}/isos:/assets"
          ];
        };
      };
    };
  };
in
{
  imports = [ netbootxyzConfig ];
}