{ config, ... }:
{
  config.sops.secrets.ps5-mqtt-env = {
    sopsFile = ./secrets.yaml;
    restartUnits = [ "podman-ps5Mqtt.service" ];
  };

  config.virtualisation.oci-containers.containers = {
    ps5Mqtt = {
      image = "ghcr.io/funkeyflo/ps5-mqtt/amd64:latest ";
      # ports = ["127.0.0.1:8645:8645"];
      volumes = [
        "/var/lib/ps5-mqtt:/config"
      ];
      # entrypoint = "/config/run.sh";
      entrypoint = "/usr/bin/node";
      cmd = [
        "app/server/dist/index.js"
      ];
      # entrypoint = "/bin/bash";
      # cmd = [
      #   "-c \"echo $MQTT_HOST\""
      # ];
      environmentFiles = [
        config.sops.secrets.ps5-mqtt-env.path
      ];
      extraOptions = [
        "--network=host"
      ];
    };
  };

  config.networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 8645 ];
  };
}