# NixOS module: runs the manyfold-solo image as an OCI container.
# Option declaration and wiring are delegated to the project helper
# lib.${namespace}.mkModule; cfg.port, cfg.configDir, cfg.dataDir, cfg.puid,
# cfg.pgid and cfg.timeZone are presumably declared there (not visible in this
# file -- confirm against mkModule).
{
  lib,
  config,
  namespace,
  ...
}:
with lib;
let
  name = "manyfold";
  cfg = config.${namespace}.services.${name};

  # Port the application is published from inside the container.
  containerPort = 3214;

  # Capabilities handed back after everything is dropped.
  # NOTE(review): DAC_OVERRIDE lets the container's root bypass file
  # permission checks on the bind mounts below and is the broadest of the
  # four -- confirm the image still needs it.
  addedCapabilities = [
    "CHOWN"
    "DAC_OVERRIDE"
    "SETUID"
    "SETGID"
  ];

  manyfoldConfig = lib.${namespace}.mkModule {
    inherit config name;
    # NOTE(review): presumably the systemd unit generated for this container
    # by the podman backend -- confirm against mkModule.
    serviceName = "podman-${name}";
    description = "manyfold";
    # No service-specific options are declared here.
    options = { };

    moduleConfig = {
      virtualisation.oci-containers.containers.${name} = {
        autoStart = true;

        # NOTE(review): no tag or digest is given, so the default tag is
        # resolved at pull time and image contents can change between pulls.
        # Pinning to a reviewed tag or an @sha256 digest makes deployments
        # reproducible and auditable.
        image = "ghcr.io/manyfold3d/manyfold-solo";

        # No host address is given, so the port is published on every host
        # interface.
        # NOTE(review): if the service is only meant to be reached through a
        # reverse proxy, prefix the mapping with a loopback address.
        ports = [ "${toString cfg.port}:${toString containerPort}" ];

        # Drop every capability, re-add only the listed ones, and prevent
        # processes from gaining privileges via setuid/setgid binaries.
        extraOptions =
          [ "--cap-drop=ALL" ]
          ++ map (capability: "--cap-add=${capability}") addedCapabilities
          ++ [ "--security-opt=no-new-privileges:true" ];

        # Both bind mounts are read-write.
        volumes = [
          "${cfg.configDir}/manyfold:/config"
          "${cfg.dataDir}/documents/3d-models:/libraries"
        ];

        environment = {
          PUID = cfg.puid;
          PGID = cfg.pgid;
          TZ = cfg.timeZone;
        };

        # The secret is passed as an env file by path rather than inlined in
        # `environment`, which keeps its value out of the evaluated
        # configuration.
        # NOTE(review): the sops secret itself must be declared elsewhere and
        # its contents must be in KEY=VALUE form -- not visible in this file.
        environmentFiles = [
          config.sops.secrets."jallen-nas/manyfold/secretkeybase".path
        ];
      };
    };
  };
in
{
  imports = [ manyfoldConfig ];
}