{ config, containerCfg, pkgs, lib, builder, name,... }:
let 
  serverCfg = config.syscfg.server;
  image = pkgs.dockerTools.streamLayeredImage {
    name = "etherpad";
    tag = pkgs.etherpad-lite.version;
    contents = with pkgs;[ etherpad-lite bash coreutils cacert curl ];
    fakeRootCommands = ''
      mkdir -p ./var/lib/etherpad
      chown -R 1000:1000 ./var/lib/etherpad
      mkdir -p ./tmp
      chmod 1777 ./tmp
    '';
    config = {
      Cmd = [ "${pkgs.etherpad-lite}/bin/etherpad-lite" ];
      User = "1000:1000";
      WorkingDir = "/var/lib/etherpad";
      ExposedPorts = { "${toString containerCfg.port}/tcp" = {}; };
      Env = [
        "NODE_ENV=production"
        "HOME=/opt/etherpad-lite/var"
        "DB_FILENAME=/opt/etherpad-lite/var/dirty.db"
      ];

    };
  };
in {
  paths = [{
    path="${serverCfg.configPath}/etherpad/data";
    owner = "1000:1000";
    mode = "0755";
  }{
    path="${serverCfg.configPath}/etherpad/APIKEY.txt";
    owner = "1000:1000";
    mode = "0755";
    backup = true;
  }];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      imageStream = image;
      port = containerCfg.port;
      ip = containerCfg.ip;
      secret = name;
      extraEnv = {
        "TITLE" = "Pad";
        "PORT" = toString containerCfg.port;
        "DB_TYPE" = "postgres";
        "DB_HOST" = builder.host;
        "DB_NAME" = "etherpad_db";
        "DB_USER" = "etherpad_user";
        "TRUST_PROXY" = "true";
        "DEFAULT_PAD_TEXT" = "";
        "PAD_OPTIONS_SHOW_LINE_NUMBERS" = "true";
        "PAD_OPTIONS_USE_MONOSPACE_FONT" = "true";
        "SKIN_VARIANTS" = "super-dark-toolbar light-editor dark-background";
      };
      overrides = {
        volumes = [
          "${serverCfg.configPath}/etherpad/data:/opt/etherpad-lite/var"
          "${serverCfg.configPath}/etherpad/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt"
        ];
      };
    };
  };
}