{ config, pkgs, ... }:
{

    services.mealie = {
        enable = true;
        listenAddress = "127.0.0.1";
	credentialsFile = config.age.secrets."services/mealie/credentialsFile".path;
        settings = {
            ALLOW_SIGNUP = "false";
	    DB_ENGINE = "postgres";
	    TZ = "Europe/Berlin";
	    PGID = "911";
	    PUID = "911";
        };
    };

    services.nginx = {
      enable = true;
      virtualHosts = {
        "mealie.kabtop.de" = {
          enableACME = true;
          forceSSL = true;
          locations."/".proxyPass = "http://localhost:9000";
        };
      };
    };

    users = {
      users = {
        mealie = {
	  uid = 911;
	  group = "mealie";
	  isSystemUser = true;
	};
      };
      groups = {
        mealie = {
	  gid = 911;
	};
      };
    };

    age.secrets."services/mealie/credentialsFile" = {
        file = ../../../secrets/services/mealie/credentialsFile.age;
        owner = "mealie";
    };

    security.acme.defaults.email = "webmaster@kabtop.de";
    security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
    security.acme.acceptTerms = true;

}