{ config, containerCfg, pkgs, lib, builder, name,... }:
let 
  serverCfg = config.syscfg.server;
  settings = pkgs.writeTextDir"etc/etherpad/settings.json" (builtins.toJSON {
    title= "${TITLE:Etherpad}";
    showRecentPads = "${SHOW_RECENT_PADS:true}";
    favicon = "${FAVICON:null}";
    publicURL = "${PUBLIC_URL:null}";
    skinName = "${SKIN_NAME:colibris}";
    skinVariants = "${SKIN_VARIANTS:super-light-toolbar super-light-editor light-background}";
    ip = "${IP:0.0.0.0}";
    port = "${PORT:9001}";
    showSettingsInAdminPage = "${SHOW_SETTINGS_IN_ADMIN_PAGE:true}";
    enableMetrics = "${ENABLE_METRICS:true}";
    updates.tier = "off";
    cleanup.enabled = false;
    gdprAuthorErasure.enabled = "${GDPR_AUTHOR_ERASURE_ENABLED:false}";
    authenticationMethod = "${AUTHENTICATION_METHOD:sso}";
    enableDarkMode = "${ENABLE_DARK_MODE:true}";
    enablePadWideSettings = "${ENABLE_PAD_WIDE_SETTINGS:true}";
    dbType = "${DB_TYPE:dirty}";
    dbSettings = {
      host =       "${DB_HOST:undefined}";
      port =       "${DB_PORT:undefined}";
      database =   "${DB_NAME:undefined}";
      user =       "${DB_USER:undefined}";
      password =   "${DB_PASS:undefined}";
      charset =    "${DB_CHARSET:undefined}";
      filename =   "${DB_FILENAME:var/dirty.db}";
      collection = "${DB_COLLECTION:undefined}";
      url =        "${DB_URL:undefined}";
    };
    defaultPadText = "${DEFAULT_PAD_TEXT:Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at https:\/\/etherpad.org\n}";
    padOptions = {
      noColors =         "${PAD_OPTIONS_NO_COLORS:false}";
      showControls =     "${PAD_OPTIONS_SHOW_CONTROLS:true}";
      showChat =         "${PAD_OPTIONS_SHOW_CHAT:true}";
      showLineNumbers =  "${PAD_OPTIONS_SHOW_LINE_NUMBERS:true}";
      useMonospaceFont = "${PAD_OPTIONS_USE_MONOSPACE_FONT:false}";
      userName =         "${PAD_OPTIONS_USER_NAME:null}";
      userColor =        "${PAD_OPTIONS_USER_COLOR:null}";
      rtl =              "${PAD_OPTIONS_RTL:false}";
      alwaysShowChat =   "${PAD_OPTIONS_ALWAYS_SHOW_CHAT:false}";
      chatAndUsers =     "${PAD_OPTIONS_CHAT_AND_USERS:false}";
      lang =             "${PAD_OPTIONS_LANG:null}";
      fadeInactiveAuthorColors = "${PAD_OPTIONS_FADE_INACTIVE_AUTHOR_COLORS:true}";
      enforceReadableAuthorColors = "${PAD_OPTIONS_ENFORCE_READABLE_AUTHOR_COLORS:true}";
    };

    requireSession = "${REQUIRE_SESSION:false}";

    editOnly = "${EDIT_ONLY:false}";
    minify = "${MINIFY:true}";
    requireAuthentication = "${REQUIRE_AUTHENTICATION:true}";
    requireAuthorization = "${REQUIRE_AUTHORIZATION:false}";
    trustProxy = "${TRUST_PROXY:false}";
    socketTransportProtocols = ["websocket", "polling"];
    socketIo.maxHttpBufferSize = "${SOCKETIO_MAX_HTTP_BUFFER_SIZE:1000000}";


    
    indentationOnNewLine = true;
    exposeVersion = "${EXPOSE_VERSION:false}";

    loglevel = "${LOGLEVEL:INFO}";
    lowerCasePadIds = "${LOWER_CASE_PAD_IDS:true}";
    sso = {
      issuer = "${SSO_ISSUER:http://localhost:9001}";
      clients = [
        {
          client_id = "${ADMIN_CLIENT:admin_client}";
          client_secret = "${ADMIN_SECRET:admin}";
          grant_types = ["authorization_code"];
          response_types = ["code"];
          redirect_uris = ["${ADMIN_REDIRECT:http://localhost:9001/admin/}"];
        }
        {
          client_id = "${USER_CLIENT:user_client}";
          client_secret = "${USER_SECRET:user}";
          grant_types = ["authorization_code"];
          response_types = ["code"];
          redirect_uris = ["${USER_REDIRECT:http://localhost:9001/}"];
        }
      ];
    };
  });
  image = pkgs.dockerTools.streamLayeredImage {
    name = "etherpad";
    tag = pkgs.etherpad-lite.version;
    contents = with pkgs;[cacert tzdata bash coreutils curl etherpadSettings ];
    fakeRootCommands = ''
      mkdir -p ./var/lib/etherpad
      chown -R 1000:1000 ./var/lib/etherpad
      mkdir -p ./tmp
      chmod 1777 ./tmp
    '';
    config = {
      Cmd = [ "${pkgs.etherpad-lite}/bin/etherpad-lite" "--settings" "/etc/etherpad/settings.json" ];
      User = "1000:1000";
      WorkingDir = "/var/lib/etherpad";
      ExposedPorts = { "${toString containerCfg.port}/tcp" = {}; };
      Env = [
        "NODE_ENV=production"
        "HOME=/opt/etherpad-lite/var"
        "DB_FILENAME=/opt/etherpad-lite/var/dirty.db"
      ];

    };
  };
in {
  paths = [{
    path="${serverCfg.configPath}/etherpad/data";
    owner = "1000:1000";
    mode = "0755";
  }{
    path="${serverCfg.configPath}/etherpad/APIKEY.txt";
    owner = "1000:1000";
    mode = "0755";
    backup = true;
  }];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      imageStream = image;
      port = containerCfg.port;
      ip = containerCfg.ip;
      secret = name;
      extraEnv = {
        TITLE = "Pad";
        PORT = toString containerCfg.port;
        DB_TYPE = "postgres";
        DB_HOST = builder.host;
        DB_NAME = "etherpad_db";
        DB_USER = "etherpad_user";
        TRUST_PROXY = "true";
        DB_CHARSET = "utf8mb4";
        DEFAULT_PAD_TEXT = "";
        PAD_OPTIONS_SHOW_LINE_NUMBERS = "true";
        PAD_OPTIONS_USE_MONOSPACE_FONT = "true";
        SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background";
      };
      overrides = {
        volumes = [
          "${serverCfg.configPath}/etherpad/data:/opt/etherpad-lite/var"
          "${serverCfg.configPath}/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
        ];
      };
    };
  };
}