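{ config, pkgs, lib, ... }:

# Aggregates the per-application container sets declared under
# `syscfg.server.containers` into a single podman-backed oci-containers
# configuration, together with the directory setup, one-shot setup units and
# cron jobs each app module (./apps/<name>.nix) declares.
let
  serverCfg = config.syscfg.server;
  builder = import ./builder.nix { inherit config lib serverCfg; };

  # Only sets with `enable = true` are considered; the app module of a
  # disabled set is never imported.
  enabledConfigs = lib.filterAttrs (_name: c: c.enable) serverCfg.containers;

  # One entry per enabled set.  Container names are prefixed with the set
  # name so the generated `podman-<set>-<container>.service` units stay
  # unique across sets.  `paths`, `setup` and `cron` are optional outputs of
  # the app module and are normalised here so later code can rely on them.
  containerSetsList = lib.mapAttrsToList
    (name: containerCfg:
      let
        apps = import (./apps + "/${name}.nix") {
          inherit config pkgs lib containerCfg builder name;
        };
      in
      {
        inherit name;
        containers = lib.mapAttrs'
          (cName: cValue: lib.nameValuePair "${name}-${cName}" cValue)
          apps.containers;
        paths = apps.paths or [ ];
        setup = apps.setup or null;
        cron = apps.cron or [ ];
      })
    enabledConfigs;

  mergedContainers = lib.attrsets.mergeAttrsList (map (e: e.containers) containerSetsList);
  allPathConfigs = lib.flatten (map (e: e.paths) containerSetsList);
  # `cron` is always present after the normalisation above, so no fallback.
  allCronsConfigs = lib.flatten (map (e: e.cron) containerSetsList);

  # Shell snippet that creates one declared directory with the requested
  # owner and mode.  Every value is passed through `lib.escapeShellArg`: a
  # path containing `"` or `$` would otherwise break out of plain quoting,
  # and owner/mode were previously interpolated unquoted.
  # NOTE(review): chown/chmod follow a symlink given as the final path
  # component; the declared paths are expected to be real directories —
  # confirm no app module declares a symlinked path.
  mkPathSetup = cfg: ''
    ${pkgs.coreutils}/bin/mkdir -p ${lib.escapeShellArg cfg.path}
    ${pkgs.coreutils}/bin/chown ${lib.escapeShellArg cfg.owner} ${lib.escapeShellArg cfg.path}
    ${pkgs.coreutils}/bin/chmod ${lib.escapeShellArg cfg.mode} ${lib.escapeShellArg cfg.path}
  '';

  # Optional one-shot setup unit for a container set.  It is ordered after
  # (and pulls in) the oci-containers unit named by `setup.trigger`, and runs
  # `setup.script` as root.  Returns a list so it can feed `concatMap`.
  mkSetupService = containerSet:
    lib.optional (containerSet.setup != null) {
      name = "${containerSet.name}-setup";
      value = {
        description = "Run ${containerSet.name} setup";
        after = [ "podman-${containerSet.name}-${containerSet.setup.trigger}.service" ];
        wants = [ "podman-${containerSet.name}-${containerSet.setup.trigger}.service" ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          Type = "oneshot";
          TimeoutStartSec = "360s";
          ExecStart = "${containerSet.setup.script}";
          RemainAfterExit = true;
          User = "root";
        };
      };
    };
in
{
  config = lib.mkIf (enabledConfigs != { }) {
    virtualisation.oci-containers = {
      backend = "podman";
      containers = mergedContainers;
    };

    # Ordered after user/group creation so `chown` can resolve symbolic
    # owner names declared by the app modules.
    system.activationScripts.container-setup-dirs = {
      deps = [ "users" "groups" ];
      text = lib.concatStringsSep "\n" (map mkPathSetup allPathConfigs);
    };

    systemd.services = {
      # Host-wide: prunes every stopped container and every dangling image,
      # not only those managed by this module.
      podman-gc = {
        description = "Podman garbage collection";
        serviceConfig.Type = "oneshot";
        script = ''
          ${pkgs.podman}/bin/podman container prune -f
          ${pkgs.podman}/bin/podman image prune -f
        '';
        startAt = "weekly";
      };
    } // lib.listToAttrs (lib.concatMap mkSetupService containerSetsList);

    # Only run the cron daemon when at least one container set actually
    # declares a job; previously it was enabled unconditionally.
    services.cron = lib.mkIf (allCronsConfigs != [ ]) {
      enable = true;
      systemCronJobs = allCronsConfigs;
    };
  };
}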