# NixOS module: runs kiwix-serve as an OCI container, creates its host
# directories and opens the service port in the host firewall.
# The root directory and port come from the project-local service definition
# (../config/services.nix), passed through getKiwix from the validation module.
{ config, pkgs, lib, ... }:
let
  validators = import ../validation/service/kiwix.nix;
  services = import ../config/services.nix;
  cfg = validators.getKiwix services;

  kiwixRoot = cfg.root_dir;
  listenPort = cfg.port;
in
{
  # Both directories are created root-owned with mode 0755.
  # The whole of ${kiwixRoot} is mounted at /data below, so the library file
  # is read from ${kiwixRoot}/library.xml and the "data" subdirectory shows up
  # as /data/data inside the container.
  systemd.tmpfiles.rules = [
    "d ${kiwixRoot} 0755 root root - -"
    "d ${kiwixRoot}/data 0755 root root - -"
  ];

  virtualisation.oci-containers.containers.kiwix-serve = {
    # NOTE(review): the image is pinned by tag only. A tag can be re-pointed
    # upstream; appending "@sha256:<digest-placeholder>" would pin the exact
    # image content that was reviewed.
    image = "ghcr.io/kiwix/kiwix-serve:3.8.2";
    autoStart = true;

    # Host port -> container port 8080. No host address is given, so the
    # container runtime publishes the port on every host interface.
    # NOTE(review): if the service is only meant to be reached through a
    # reverse proxy or from one network, prefix the mapping with that address.
    ports = [ "${toString listenPort}:8080" ];

    # Content is mounted read-only, so the container cannot modify the
    # library or the files under the root directory.
    volumes = [ "${kiwixRoot}/:/data:ro" ];

    cmd = [
      "--monitorLibrary"
      "--library"
      "/data/library.xml"
    ];

    environment.TZ = "Europe/Berlin";

    # Resource caps: 512 MiB of memory, no additional swap (memory-swap equals
    # memory) and one CPU.
    # NOTE(review): no capability or privilege restrictions are set here.
    # Options such as --cap-drop=ALL, --security-opt=no-new-privileges and
    # --read-only would narrow what a compromised server process can do;
    # verify that the image still starts with them before adding.
    extraOptions = [
      "--memory=512m"
      "--memory-swap=512m"
      "--cpus=1"
    ];
  };

  # Opens the published port on all interfaces covered by the NixOS firewall.
  # NOTE(review): confirm this exposure is intended; nothing in this module
  # adds authentication or TLS in front of the container.
  networking.firewall.allowedTCPPorts = [ listenPort ];
}