{ config, containerCfg, pkgs, lib, builder, name, ... }:
let 
  serverCfg = config.syscfg.server;

  invidiousImage = pkgs.dockerTools.pullImage {
    imageName = "quay.io/invidious/invidious";
    imageDigest = "sha256:7b5cfca1b369cbb87a6c983a54d588cb375ff60c6d71b3e1f0e2f59265f2a1b9"; # Pin tag digest
    sha256 = lib.fakeSha256; 
  };
  companionImage = pkgs.dockerTools.pullImage {
    imageName = "quay.io/invidious/inv-sig-helper";
    imageDigest = "sha256:2d150b07b1406b3a0c25a5f1e8e25d6b46efbb12dbfde6125026bc9812a647ad";
    sha256 = lib.fakeSha256;
  };

in {
  sops = true;
  db = true;

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      imageStream = invidiousImage;
      port = 3000;
      secret = name;
      extraEnv = {
        INVIDIOUS_DATABASE_URL = "postgres://invidious_user:\${DB_PASS}@${builder.host}/invidious_db";
        INVIDIOUS_HMAC_KEY = "\${HMAC_KEY}";
        INVIDIOUS_COMPANION_URL = "http://invidious-companion:12999";
        INVIDIOUS_PO_TOKEN = "\${PO_TOKEN}";
        INVIDIOUS_VISITOR_DATA = "\${VISITOR_DATA}";
        INVIDIOUS_PORT = "3000";
        INVIDIOUS_COMPANION_KEY = "\${INVIDIOUS_KEY}";
        INVIDIOUS_DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
        #registration_enabled: false
      };
    };

    companion = builder.mkContainer {
      imageStream = companionImage;
      port = 12999;
      overrides = {
        cmd = [ "--tcp" "0.0.0.0:12999" ];
      };
    };
  };
}