{ config, containerCfg, pkgs, lib, builder, name, ... }:
let
  serverCfg = config.syscfg.server;
  image = pkgs.dockerTools.streamLayeredImage {
    name = pkgs.jellyfin.name;
    tag = pkgs.jellyfin.version;
    contents = [
      pkgs.cacert
    ];
    config = {
      Entrypoint = [ "${pkgs.jellyfin}/bin/jellyfin" ];
      ExposedPorts = { "8096/tcp" = { }; };
    };
  };
in {
  paths = [
    {
      path = "${serverCfg.dataPath}/media/";
      mode = "0755";
    }
    {
      path = "${serverCfg.configPath}/jellyfin/";
      mode = "0755";
    }
  ];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      imageStream = image;
      port = 8096;
    #   secret = name;
      extraEnv = {
        DOTNET_SYSTEM_GLOBALIZATION_INVARIANT = "1";
        # JELLYFIN_WEB_DIR = "${pkgs.jellyfin-web}/share/jellyfin-web";
        JELLYFIN_HttpListenerHost__BindAddress= "0.0.0.0"; #we can use settings.xml override
      };
      extraOptions = [
        "--tmpfs=/tmp:rw,noexec,nosuid,size=512m"
      ];
      overrides = {
        cmd = [
        "--datadir" "/config/data"
        "--cachedir" "/config/cache"
        "--configdir" "/config/config"
        "--logdir" "/config/log" 
        ];
        volumes = [
          "${serverCfg.dataPath}/movies:/media/movies:ro" 
          "${serverCfg.dataPath}/series:/media/series:ro" 
          "${serverCfg.configPath}/jellyfin:/config"
        ];
        # If you have an Intel/AMD GPU for transcoding, add the device:
        devices = lib.optionals (builtins.pathExists "/dev/dri") [ "/dev/dri:/dev/dri" ];
      };
    };
  };
}