{ lib, config, ... }:
let
  nginxEnabled = config.mod.nginx.enable;
in
{
  hardware.bluetooth.enable = true;

  virtualisation.oci-containers = {
    backend = "podman";

    containers.homeassistant = {
      image = "ghcr.io/home-assistant/home-assistant:stable";

      volumes = [
        "/home/alex/.config/home-assistant:/config"
        # Pass in bluetooth
        "/run/dbus:/run/dbus:ro"
      ];

      environment.TZ = "Europe/Stockholm";

      extraOptions = [
        "--network=host"

        # Allows HA to perform low-level network operations (scan/reset adapter)
        "--cap-add=NET_ADMIN"
        "--cap-add=NET_RAW"

        # Pass in Zigbee antenna
        "--device=/dev/serial/by-id/usb-Nabu_Casa_ZBT-2_9C139EAAD464-if00:/dev/ttyACM0"
      ];
    };
  };

  services = {
    blueman.enable = true;

    nginx = lib.mkIf nginxEnabled {
      recommendedProxySettings = true;

      virtualHosts."ha.ppp.pm" = {
        forceSSL = true;
        useACMEHost = "ha.ppp.pm";

        extraConfig = ''
          proxy_buffering off;
        '';

        locations."/" = {
          proxyPass = "http://127.0.0.1:8123";
          proxyWebsockets = true;
        };
      };
    };
  };

  age = {
    secrets = {
      "hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
    };
  };
}