{ settings, lib, pkgs, ... }:
let
  dockerNetwork = "archivebox";

  sonicConfig = {
    server = {
      log_level = "warn";
    };
    channel = {
      inet = "0.0.0.0:1491";
      tcp_timeout = 300;
      auth_password = "\${env.SEARCH_BACKEND_PASSWORD}";
      search = {
        query_limit_default = 65535;
        query_limit_maximum = 65535;
        query_alternates_try = 10;
        suggest_limit_default = 5;
        suggest_limit_maximum = 20;
      };
    };
    store = {
      kv = {
        path = "/var/lib/sonic/store/kv/";
        retain_word_objects = 100000;
        pool = {
          inactive_after = 1800;
        };
        database = {
          flush_after = 900;
          compress = true;
          parallelism = 2;
          max_files = 100;
          max_compactions = 1;
          max_flushes = 1;
          write_buffer = 16384;
          write_ahead_log = true;
        };
      };
      fst = {
        path = "/var/lib/sonic/store/fst/";
        pool = {
          inactive_after = 300;
        };
        graph = {
          consolidate_after = 180;
          max_size = 2048;
          max_words = 250000;
        };
      };
    };
  };

  port = 4009;
in
{
  system.activationScripts.archivebox-docker-network = ''
    ${lib.getExe pkgs.docker} network inspect ${dockerNetwork} || ${lib.getExe pkgs.docker} network create ${dockerNetwork}
  '';

  virtualisation.oci-containers.containers = {
    archivebox = {
      autoStart = true;
      image = "docker.io/archivebox/archivebox:0.7.3";
      ports = [
        "${toString port}:8000"
      ];
      environment = {
        SEARCH_BACKEND_ENGINE = "sonic";
        SEARCH_BACKEND_HOST_NAME = "sonic";
      };
      environmentFiles = [
        "/etc/secrets/sonic.env"
      ];
      volumes = [
        "${settings.server_configs_home}/archivebox:/data"
      ];
      extraOptions = [
        "--network=${dockerNetwork}"
      ];
    };

    sonic = {
      autoStart = true;
      hostname = "sonic";
      image = "docker.io/valeriansaliou/sonic:latest";
      environmentFiles = [
        "/etc/secrets/sonic.env"
      ];
      volumes = [
        "${(pkgs.formats.toml {}).generate "sonic.cfg" sonicConfig}:/etc/sonic.cfg:ro"
        "${settings.server_configs_home}/sonic:/var/lib/sonic/store"
      ];
      extraOptions = [
        "--network=${dockerNetwork}"
      ];
    };
  };

  services = {
    borgbackup.jobs."borgbase".paths = [
      "/home/owo/Documents/server_configs/archivebox"
      "/home/owo/Documents/server_configs/sonic"
    ];

    caddy.virtualHosts."http://archive.internal".extraConfig = ''
      @local remote_ip private_ranges 100.64.0.0/10
      reverse_proxy @local :${toString port}
    '';
  };
}