{ config, lib, pkgs, ... }: let

    hostPort = 9006;

    subdomain = "vpn";

    name = "netbird";

in {

    options.sysconfig.docker.netbird.enable = with lib; mkOption {
        type = with types; bool;
        default = false;
    };

    config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) {
 
        networking.firewall.interfaces = {
            "ve-traefik" = {
                allowedTCPPorts = [ hostPort ];
            };
        };

        sops.secrets = {
            "netbird/pass" = {};
            "netbird/secret_key" = {};
        };

        sops.templates."netbird.env" = {
            content = ''
                PG_PASS=${config.sops.placeholder."netbird/pass"}
                SECRET_KEY=${config.sops.placeholder."netbird/secret_key"}
            '';
        };
    };
}