{ ... }: {
  users.users.homeassistant = {
    isSystemUser = true;
    group = "homeassistant";
    home = "/var/lib/homeassistant";
    createHome = true;
  };
  users.groups.homeassistant = { };

  # TODO: check if we can run docker service as other user than root
  virtualisation = {
    oci-containers.containers = {
      homeassistant = {
        autoStart = true;
        image = "ghcr.io/home-assistant/home-assistant:2023.9.3";
        volumes = [
          "/var/lib/homeassistant:/config"
        ];
        environment.TZ = "Europe/Vienna";
        extraOptions = [
          "--network=server"
          "--mac-address=1a:c4:04:6e:29:01"
          "--device=/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0:/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0"
        ];
      };
    };
  };

  services.nginx.virtualHosts."home-assistant.cloonar.com" = {
    forceSSL = true;
    enableACME = true;
    acmeRoot = null;
    extraConfig = ''
      proxy_buffering off;
    '';
    locations."/".extraConfig = ''
      proxy_pass http://10.42.97.20:8123;
      proxy_set_header Host $host;
      proxy_redirect http:// https://;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
    '';
  };
}