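# NixOS module: loads the per-app container definitions from ./apps/<name>.nix,
# flattens them into podman-backed oci-containers, creates the host directories
# they need at activation time, and wires optional per-app setup services,
# weekly podman garbage collection and cron jobs.
{ config, pkgs, lib, ... }:
let
  serverCfg = config.syscfg.server;
  # Shared helper passed to every app file; its interface is defined in ./builder.nix.
  builder = import ./builder.nix { inherit config lib pkgs serverCfg; };
in {
  config = lib.mkMerge [
    {
      # Each entry in syscfg.server.containers selects ./apps/<name>.nix, which
      # is evaluated with the entry's config and the shared builder.
      syscfg.server.loadedContainers = lib.mapAttrs (name: containerCfg:
        (import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; }
      ) serverCfg.containers;
    }

    (lib.mkIf (serverCfg.containers != {}) (
      let
        appsList = builtins.attrValues serverCfg.loadedContainers;

        # Flatten app.containers into one attrset keyed "<app>-<container>" so
        # that container names cannot collide across apps.
        mergedContainers = lib.concatMapAttrs (appName: app:
          lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.containers
        ) serverCfg.loadedContainers;

        # Host paths and cron entries contributed by every loaded app.
        allPathConfigs = lib.concatMap (app: app.paths) appsList;
        allCronsConfigs = lib.concatMap (app: app.cron) appsList;

        # Shell snippet that creates one host directory with the requested
        # owner and mode.  Every value comes from the app files, so each one is
        # shell-escaped rather than interpolated bare (the original only quoted
        # the path).  `chown` and `chmod` follow symlinks, so a path that already
        # exists as a symlink is skipped with a message instead of re-owning or
        # re-moding whatever it points at; the check is advisory and does not
        # close the window between the test and the mkdir/chown/chmod calls.
        mkPathSetup = cfg:
          let
            # NOTE(review): the default mode 0400 drops the search bit on a
            # directory, which only root (CAP_DAC_OVERRIDE) can traverse — confirm
            # this is intended for the container processes that use these paths.
            effectiveCfg = { owner = "root:root"; mode = "0400"; } // cfg;
            path = lib.escapeShellArg effectiveCfg.path;
            owner = lib.escapeShellArg effectiveCfg.owner;
            mode = lib.escapeShellArg effectiveCfg.mode;
          in ''
            if [ -L ${path} ]; then
              echo "container-setup-dirs: ${path} is a symlink, not changing its ownership or mode" >&2
            else
              ${pkgs.coreutils}/bin/mkdir -p ${path}
              ${pkgs.coreutils}/bin/chown ${owner} ${path}
              ${pkgs.coreutils}/bin/chmod ${mode} ${path}
            fi
          '';

        # One oneshot service per app that declares a setup script.  It is
        # ordered after the podman unit of the container named by setup.trigger
        # and runs the script as root, so whatever the app file puts in
        # setup.script and setup.envFile executes with full host privileges.
        mkSetupService = containerSet:
          let
            triggerUnit = "podman-${containerSet.name}-${containerSet.setup.trigger}.service";
          in
          lib.optional (containerSet.setup.script != null) {
            name = "${containerSet.name}-setup";
            value = {
              description = "Run ${containerSet.name} setup";
              after = [ triggerUnit ];
              wants = [ triggerUnit ];
              wantedBy = [ "multi-user.target" ];
              serviceConfig = {
                Type = "oneshot";
                TimeoutStartSec = "360s";
                # envFile is optional in the app definition; systemd reads it as
                # root, so its on-disk permissions govern who can see its contents.
                EnvironmentFile =
                  if (containerSet.setup ? envFile) then containerSet.setup.envFile else [ ];
                ExecStart = "${containerSet.setup.script}";
                RemainAfterExit = true;
                User = "root";
              };
            };
          };
      in {
        virtualisation.oci-containers = {
          backend = "podman";
          containers = mergedContainers;
        };

        # Directories are created during activation, after users and groups
        # exist, so the chown targets resolve.
        system.activationScripts.container-setup-dirs = {
          deps = [ "users" "groups" ];
          text = lib.concatStringsSep "\n" (map mkPathSetup allPathConfigs);
        };

        systemd.services = {
          # Weekly cleanup.  `container prune` removes every stopped container on
          # the host, not only the ones declared in this module; `image prune`
          # without -a only removes dangling images.
          podman-gc = {
            description = "Podman garbage collection";
            serviceConfig.Type = "oneshot";
            script = ''
              ${pkgs.podman}/bin/podman container prune -f
              ${pkgs.podman}/bin/podman image prune -f
            '';
            startAt = "weekly";
          };
        } // lib.listToAttrs (lib.concatMap mkSetupService appsList);

        services.cron = {
          enable = true;
          systemCronJobs = allCronsConfigs;
        };
      }
    ))
  ];
}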