{ config, containerCfg, pkgs, lib, builder, name,... }:
let 
  serverCfg = config.syscfg.server;
  settings = pkgs.writeTextDir"etc/etherpad/settings.json" (builtins.toJSON {
    title= "\${TITLE:Etherpad}";
    showRecentPads = "\${SHOW_RECENT_PADS:true}";
    favicon = "\${FAVICON:null}";
    publicURL = "\${PUBLIC_URL:null}";
    skinName = "\${SKIN_NAME:colibris}";
    skinVariants = "\${SKIN_VARIANTS:super-light-toolbar super-light-editor light-background}";
    ip = "\${IP:0.0.0.0}";
    port = "\${PORT:9001}";
    showSettingsInAdminPage = "\${SHOW_SETTINGS_IN_ADMIN_PAGE:true}";
    enableMetrics = "\${ENABLE_METRICS:true}";
    updates.tier = "off";
    cleanup.enabled = false;
    gdprAuthorErasure.enabled = "\${GDPR_AUTHOR_ERASURE_ENABLED:false}";
    authenticationMethod = "\${AUTHENTICATION_METHOD:sso}";
    enableDarkMode = "\${ENABLE_DARK_MODE:true}";
    enablePadWideSettings = "\${ENABLE_PAD_WIDE_SETTINGS:true}";
    dbType = "\${DB_TYPE:dirty}";
    dbSettings = {
      host =       "\${DB_HOST:undefined}";
      port =       "\${DB_PORT:undefined}";
      database =   "\${DB_NAME:undefined}";
      user =       "\${DB_USER:undefined}";
      password =   "\${DB_PASS:undefined}";
      charset =    "\${DB_CHARSET:undefined}";
      filename =   "\${DB_FILENAME:var/dirty.db}";
      collection = "\${DB_COLLECTION:undefined}";
      url =        "\${DB_URL:undefined}";
    };
    defaultPadText = "\${DEFAULT_PAD_TEXT:P A D}";
    padOptions = {
      noColors =         "\${PAD_OPTIONS_NO_COLORS:false}";
      showControls =     "\${PAD_OPTIONS_SHOW_CONTROLS:true}";
      showChat =         "\${PAD_OPTIONS_SHOW_CHAT:true}";
      showLineNumbers =  "\${PAD_OPTIONS_SHOW_LINE_NUMBERS:true}";
      useMonospaceFont = "\${PAD_OPTIONS_USE_MONOSPACE_FONT:false}";
      userName =         "\${PAD_OPTIONS_USER_NAME:null}";
      userColor =        "\${PAD_OPTIONS_USER_COLOR:null}";
      rtl =              "\${PAD_OPTIONS_RTL:false}";
      alwaysShowChat =   "\${PAD_OPTIONS_ALWAYS_SHOW_CHAT:false}";
      chatAndUsers =     "\${PAD_OPTIONS_CHAT_AND_USERS:false}";
      lang =             "\${PAD_OPTIONS_LANG:null}";
      fadeInactiveAuthorColors = "\${PAD_OPTIONS_FADE_INACTIVE_AUTHOR_COLORS:true}";
      enforceReadableAuthorColors = "\${PAD_OPTIONS_ENFORCE_READABLE_AUTHOR_COLORS:true}";
    };

    requireSession = "\${REQUIRE_SESSION:false}";

    editOnly = "\${EDIT_ONLY:false}";
    minify = "\${MINIFY:true}";
    requireAuthentication = "\${REQUIRE_AUTHENTICATION:true}";
    requireAuthorization = "\${REQUIRE_AUTHORIZATION:false}";
    trustProxy = "\${TRUST_PROXY:false}";
    socketTransportProtocols = ["websocket" "polling"];
    socketIo.maxHttpBufferSize = "\${SOCKETIO_MAX_HTTP_BUFFER_SIZE:1000000}";


    
    indentationOnNewLine = true;
    exposeVersion = "\${EXPOSE_VERSION:false}";

    loglevel = "\${LOGLEVEL:INFO}";
    lowerCasePadIds = "\${LOWER_CASE_PAD_IDS:true}";
    sso = {
      issuer = "\${SSO_ISSUER:http://localhost:9001}";
      clients = [
        {
          client_id = "\${ADMIN_CLIENT:admin_client}";
          client_secret = "\${ADMIN_SECRET:admin}";
          grant_types = ["authorization_code"];
          response_types = ["code"];
          redirect_uris = ["\${ADMIN_REDIRECT:http://localhost:9001/admin/}"];
        }
        {
          client_id = "\${USER_CLIENT:user_client}";
          client_secret = "\${USER_SECRET:user}";
          grant_types = ["authorization_code"];
          response_types = ["code"];
          redirect_uris = ["\${USER_REDIRECT:http://localhost:9001/}"];
        }
      ];
    };
  });
  image = pkgs.dockerTools.streamLayeredImage {
    name = "etherpad";
    tag = pkgs.etherpad-lite.version;
    contents = with pkgs;[cacert tzdata bash coreutils curl etherpadSettings ];
    fakeRootCommands = ''
      mkdir -p ./var/lib/etherpad
      chown -R 1000:1000 ./var/lib/etherpad
      mkdir -p ./tmp
      chmod 1777 ./tmp
    '';
    config = {
      Cmd = [ "${pkgs.etherpad-lite}/bin/etherpad-lite" "--settings" "/etc/etherpad/settings.json" ];
      User = "1000:1000";
      WorkingDir = "/var/lib/etherpad";
      ExposedPorts = { "${toString containerCfg.port}/tcp" = {}; };
      Env = [
        "NODE_ENV=production"
        "HOME=/opt/etherpad-lite/var"
        "DB_FILENAME=/opt/etherpad-lite/var/dirty.db"
      ];

    };
  };
in {
  paths = [{
    path="${serverCfg.configPath}/etherpad/data";
    owner = "1000:1000";
    mode = "0755";
  }{
    path="${serverCfg.configPath}/etherpad/APIKEY.txt";
    owner = "1000:1000";
    mode = "0755";
    backup = true;
  }];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      imageStream = image;
      port = containerCfg.port;
      ip = containerCfg.ip;
      secret = name;
      extraEnv = {
        TITLE = "Pad";
        PORT = toString containerCfg.port;
        DB_TYPE = "postgres";
        DB_HOST = builder.host;
        DB_NAME = "etherpad_db";
        DB_USER = "etherpad_user";
        TRUST_PROXY = "true";
        DB_CHARSET = "utf8mb4";
        DEFAULT_PAD_TEXT = "";
        PAD_OPTIONS_SHOW_LINE_NUMBERS = "true";
        PAD_OPTIONS_USE_MONOSPACE_FONT = "true";
        SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background";
      };
      overrides = {
        volumes = [
          "${serverCfg.configPath}/etherpad/data:/opt/etherpad-lite/var"
          "${serverCfg.configPath}/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
        ];
      };
    };
  };
}