{
  lib,
  config,
  ...
}:
let
  enabled = config.mod.whib-backend.enable;
in
{
  options = {
    mod.whib-backend = {
      enable = lib.mkEnableOption "enable WHIB backend";
    };
  };

  config = lib.mkIf enabled {
    services.whib-backend = {
      enable = true;
      domain = "whib-backend.local";

      backend = {
        signingKey = "super-secret-key";
      };

      postgres = {
        password = "postgrespassword";
      };
    };

    virtualisation.vmVariant = {
      virtualisation = {
        sharedDirectories = {
          my-shared = {
            source = "/home/alex/whib-backup";
            target = "/mnt/shared";
          };
        };

        forwardPorts = [
          {
            from = "host";
            host.port = 8080;
            guest.port = 8080;
          }
          {
            from = "host";
            host.port = 5432;
            guest.port = 5432;
          }
        ];
      };
    };
  };
}