{ config, pkgs, ... }:

{
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    phpldapadmin = {
      image = "phpldapadmin/phpldapadmin:latest";
      autoStart = true;
      ports = [
        "80:8087/tcp"
      ];
      environmentFiles = [
        config.sops.secrets.phpldapadmin.path
      ];
    };
  };

  systemd.timers."restart-phpldapadmin" = {
    wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "*-*-* 3:00:00";
        Unit = "restart-phpldapadmin.service";
      };
  };

  systemd.services."restart-phpldapadmin" = {
    script = ''
      set -eu
      if ${pkgs.systemd}/bin/systemctl is-active --quiet podman-phpldapadmin.service; then
          ${pkgs.systemd}/bin/systemctl restart podman-phpldapadmin.service
      fi
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "root";
    };
  };

  sops.secrets.phpldapadmin = {};
}