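# InfluxDB 2 service module.
#
# Builds a layered container image whose entrypoint is `influxd` and declares
# one container that persists all InfluxDB state in a host directory under
# `config.syscfg.server.configPath`.
#
# Arguments:
#   config       - system configuration; only `config.syscfg.server` is read.
#   containerCfg - per-service settings; only `subdomain` is read.
#   pkgs         - nixpkgs; supplies `influxdb2` and `dockerTools`.
#   builder      - project helper set; `mkContainer` builds the container entry.
#   name         - service name, passed to `mkContainer` as `secret`.
#   lib          - accepted but unused here.
{ config, containerCfg, pkgs, lib, builder, name, ... }:
let
  serverCfg = config.syscfg.server;
  influxPkg = pkgs.influxdb2;

  # Host directory holding all InfluxDB state, and its mount point in the
  # container. Defined once so the volume mapping and the INFLUXD_* paths
  # cannot drift apart.
  hostDataDir = "${serverCfg.configPath}/influxdb/";
  dataDir = "/var/lib/influxdb2";

  image = pkgs.dockerTools.streamLayeredImage {
    name = influxPkg.name;
    tag = influxPkg.version;
    # Nothing beyond the entrypoint's closure is added: no shell, no CA bundle.
    contents = [ ];
    config = {
      Entrypoint = [ "${influxPkg}/bin/influxd" ];
      ExposedPorts = {
        "8086/tcp" = {}; # Combined Engine and UI port
      };
    };
  };
in
{
  sops = true; # Highly recommended for initial admin passwords and setup tokens
  db = false; # Using InfluxDB directly as the primary database

  paths = [{
    path = hostDataDir;
    # Strict database permissions: this directory backs the bolt file and the
    # storage engine (see INFLUXD_BOLT_PATH / INFLUXD_ENGINE_PATH below), so
    # only the owning user should be able to read it.
    mode = "0700";
  }];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      imageStream = image;
      # The same port serves the API and the web UI, so whatever publishes
      # `subdomain` exposes both.
      port = 8086;
      # NOTE(review): presumably selects the sops secret for this service by
      # name; confirm against builder.mkContainer.
      secret = name;
      extraEnv = {
        # Absolute, like the bolt and engine paths. The previous value
        # "var/lib/influxdb2/config" was relative, so it resolved against the
        # container's working directory and only matched the mounted volume
        # when that directory was "/".
        INFLUXD_CONFIG_PATH = "${dataDir}/config";
        INFLUXD_BOLT_PATH = "${dataDir}/influxdb.bolt";
        INFLUXD_ENGINE_PATH = "${dataDir}/engine";
      };
      overrides = {
        # Everything InfluxDB writes lives on this single bind mount.
        volumes = [ "${hostDataDir}:${dataDir}" ];
      };
    };
  };
}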