# Auto-generated using compose2nix v0.1.7.
#
# NixOS module that runs a DERP/STUN relay container ("headscale-derp") under
# podman and keeps its TLS material in sync from another host with a nightly
# cron job. The layout below groups the generated options by subsystem; the
# evaluated configuration is unchanged.
{ pkgs, lib, ... }:

let
  # Unit names that several definitions below refer to.
  composeRoot = [ "podman-compose-headscale-root.target" ];
  networkUnit = [ "podman-network-headscale-default.service" ];
in
{
  # Certificate sync: every day at 00:00, as root, pull the letsencrypt tree
  # from framework-server using rsync's remote-shell transport.
  #
  # NOTE(review): the synced tree contains certificates/private/ (see the
  # volume mounts below), so this job copies TLS private keys and logs in as
  # root on the remote side. A dedicated account limited to reading this one
  # path would reduce what this host's SSH key can reach on framework-server.
  # NOTE(review): `-a` already implies `-r`, and `-v` prints the file list into
  # cron's output on every run.
  # NOTE(review): nothing in this file restarts the container after a sync.
  # The cert and key are bind-mounted as single files and rsync replaces files
  # by rename unless told otherwise, so a running container will likely keep
  # seeing the old files. Confirm how renewals reach the relay.
  services.cron = {
    enable = true;
    systemCronJobs = [
      ''0 0 * * * root rsync -avr root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
    ];
  };

  virtualisation = {
    # Runtime
    podman = {
      enable = true;
      autoPrune.enable = true;
      dockerCompat = true;
      defaultNetwork.settings = {
        # Required for container networking to be able to use names.
        dns_enabled = true;
      };
    };

    oci-containers = {
      backend = "podman";

      # Containers
      containers."headscale-derp" = {
        # NOTE(review): no tag or digest is given, so whatever the registry
        # serves as the default tag at pull time is what runs. Pinning to a
        # digest that has been verified makes the deployment reproducible,
        # e.g. "fredliang/derper@sha256:<verified-digest>" (placeholder).
        image = "fredliang/derper";

        # Relay settings passed to the image. The listen port 1443 and the
        # cert directory /app/certs match the port and volume mappings below.
        # NOTE(review): no client-verification setting appears here, so as far
        # as this file shows, any client that can reach 1443/tcp may use the
        # relay. If it should serve only this tailnet, check the image's
        # documentation for derper's verify-clients support.
        environment = {
          DERP_ADDR = ":1443";
          DERP_CERT_DIR = "/app/certs";
          DERP_CERT_MODE = "manual";
          DERP_DOMAIN = "sysctl.io";
          DERP_STUN = "true";
        };

        # Certificate and private key, each mounted read-only as a single file
        # named after DERP_DOMAIN.
        # NOTE(review): the `*` is a literal character in the host file name
        # as written here; presumably these are the files of a wildcard
        # certificate. If so, confirm the certificate also lists the apex
        # name sysctl.io, which `*.sysctl.io` alone does not cover.
        volumes = [
          "/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/certs/*.sysctl.io.crt:/app/certs/sysctl.io.crt:ro"
          "/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/private/*.sysctl.io.key:/app/certs/sysctl.io.key:ro"
        ];

        # No host address is given, so both ports are published on every host
        # interface; host firewalling decides who can reach them.
        ports = [
          "3478:3478/udp"
          "1443:1443/tcp"
        ];

        log-driver = "journald";
        extraOptions = [
          "--network-alias=headscale-derp"
          "--network=headscale-default"
        ];
      };
    };
  };

  systemd = {
    services = {
      # Container unit: ordered after, and dependent on, the network unit.
      "podman-headscale-derp" = {
        serviceConfig = {
          # Priority 500 sits between lib.mkDefault and a plain definition,
          # so an ordinary assignment elsewhere still overrides it.
          Restart = lib.mkOverride 500 "always";
        };
        after = networkUnit;
        requires = networkUnit;
        partOf = composeRoot;
        wantedBy = composeRoot;
      };

      # Networks
      # Creates the headscale-default network only when `inspect` fails, and
      # removes it forcibly when the unit stops. `isolate=true` asks podman to
      # keep this network separated from other podman networks.
      "podman-network-headscale-default" = {
        path = [ pkgs.podman ];
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
          ExecStop = "${pkgs.podman}/bin/podman network rm -f headscale-default";
        };
        script = ''
          podman network inspect headscale-default || podman network create headscale-default --opt isolate=true
        '';
        partOf = composeRoot;
        wantedBy = composeRoot;
      };
    };

    # Root service
    # When started, this will automatically create all resources and start
    # the containers. When stopped, this will teardown all resources.
    targets."podman-compose-headscale-root" = {
      unitConfig = {
        Description = "Root target generated by compose2nix.";
      };
      wantedBy = [ "multi-user.target" ];
    };
  };
}