# NixOS module: runs the "api" and "web" containers under Podman, starts a
# long-running Podman REST API service on a unix socket, and enables Redis
# with a password and an open firewall port.
{ pkgs, lib, ... }:
let
  # Returns the entry for `app` from /mnt/data/guidelines.json; it is used
  # below as the image tag of the "api" container. The file is read when the
  # configuration is evaluated, so whoever can write it decides which image
  # tag is deployed.
  releaseVersion = app: (builtins.fromJSON (builtins.readFile "/mnt/data/guidelines.json")).${app};
in
{
  virtualisation = {
    podman = {
      enable = true;
      # Provides a `docker` command that is backed by Podman.
      dockerCompat = true;
    };
    oci-containers = {
      backend = "podman";
    };

    # API container. The image tag comes from releaseVersion, so the deployed
    # version is whatever guidelines.json names for "api".
    oci-containers.containers."api" = {
      image = "registry.gitlab.com/infektweb/glv5/api:${releaseVersion "api"}";
      # Host port 8001 -> container port 8080. No host address is given, so
      # the mapping is not limited to one interface.
      ports = [ "8001:8080" ];
      # Makes the name "host" resolve to 10.0.1.51 inside the container;
      # VAULT_URL below relies on it.
      extraOptions = [ "--add-host=host:10.0.1.51" ];
      environment = {
        "PORT" = "8080";
        "BASE_CLIENT_URL" = "http://[space].test-glv5.guidelines.ch";
        # readFile returns the file content verbatim.
        # NOTE(review): if the file ends with a newline, that newline ends up
        # in ENVIRONMENT and in the middle of VAULT_SECRET_PATH, which would
        # point the API at a different secret path than intended. Confirm how
        # the file is written, or strip the newline.
        "ENVIRONMENT" = (builtins.readFile /opt/cloud-init-misc-data/environment);
        "VAULT_SECRET_PATH" = "kv/data/guidelines/${(builtins.readFile /opt/cloud-init-misc-data/environment)}/api";
        # NOTE(review): plain HTTP. Whatever the API sends to and receives
        # from Vault (presumably the mounted token and the secrets) crosses
        # the hop to 10.0.1.51 unencrypted. Prefer an https:// listener unless
        # that hop is known to be private.
        "VAULT_URL" = "http://host:8200";
      };
      # Presumably a Vault token file, going by its name.
      # NOTE(review): mounted without ":ro", so the container can modify the
      # host file. Mount it read-only if the API only reads it, and confirm
      # the host file is readable by root only.
      volumes = [ "/mnt/data/vault-guidelines-api-token:/vault-token" ];
      #extraDockerOptions = [ "--network=foo" ];
    };

    # Web front end, reaching the API through the "host" alias on port 8001.
    # NOTE(review): the image has no tag or digest, so the registry default
    # tag ("latest") is pulled and the running version can change without a
    # change to this file. Pin it the way "api" is pinned, or by digest.
    oci-containers.containers."web" = {
      image = "registry.gitlab.com/infektweb/glv5/web";
      # Host port 80 -> container port 8080.
      ports = [ "80:8080" ];
      extraOptions = [ "--add-host=host:10.0.1.51" ];
      environment = {
        "API_URL" = "http://host:8001";
      };
    };

    # Disabled: a container with the Podman API socket mounted into it.
    # NOTE(review): a process that can talk to that socket can start and
    # reconfigure containers on this host, which is effectively root on the
    # host if the service runs as root. Keep this disabled unless that level
    # of access is intended.
    #oci-containers.containers."containerapi" = {
    #  image = "alpine";
    #  volumes = [
    #    "/run/podman-containers.sock:/podman-containers.sock"
    #  ];
    #  entrypoint = "/bin/sleep";
    #  cmd = ["10000"];
    #};
  };

  # Keeps `podman system service` listening on /run/podman-containers.sock.
  # --time=0 disables the idle timeout, so the API never shuts itself down.
  # NOTE(review): no User= is set here, so the unit presumably runs as root
  # and the socket gives root-level container control. Confirm the socket's
  # owner and mode restrict it to root.
  systemd.services.docker-podman-rest-api = {
    serviceConfig.Type = "simple";
    # mkForce overrides any other definition of Restart for this unit.
    serviceConfig.Restart = lib.mkForce "always";
    wantedBy = [ "multi-user.target" ];
    script = '' /run/current-system/sw/bin/podman system service --time=0 unix:///run/podman-containers.sock '';
  };

  services.redis.enable = true;
  # NOTE(review): the password is a literal in this file, so it is stored
  # wherever the file is (version control, backups), and NixOS writes option
  # values into the world-readable /nix/store. Treat this value as disclosed:
  # rotate it and supply the new one from a file outside the store
  # (services.redis.requirePassFile, where the NixOS release in use has it).
  services.redis.requirePass = "p15c4e6538de2061edd65a52ab216ba071d78b1532a937c1c3d5821d5c571c0cf";
  # NOTE(review): opens the Redis port on the host firewall for all sources.
  # Whether Redis answers there depends on its bind address, which is not set
  # in this file. If only local services use Redis, drop this rule; otherwise
  # restrict it to the client addresses that need it.
  networking.firewall.allowedTCPPorts = [ 6379 ];
}