{ config, lib, pkgs, ... }: let

    subdomain = "watch";

    name = "jellyfin";

in {

    options.sysconfig.docker.jellyfin.enable = with lib; mkOption {
        type = with types; bool;
        default = false;
    };

    config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) {

        networking.firewall.allowedUDPPorts = [ 7359 ];

        virtualisation.oci-containers.containers.jellyfin = {
            image = "jellyfin/jellyfin:10.11.6";

            # unstable, waiting for 26.05
            #pull = "newer";

            hostname = "${subdomain}.esotericbytes.com";

            networks = [
                "docker-main"
            ];

            ports = [
                "7359:7359/udp"
            ];

            volumes = [
                "vol_jellyfin-config:/config"
                "vol_jellyfin-cache:/cache"

                "/etc/jellyfin/media"
            ];

            labels = {
                "traefik.enable" = "true";
                "traefik.http.routers.${name}.entrypoints" = "localsecure";
                "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
                "traefik.http.routers.${name}.service" = "${name}";
                "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
                
                "traefik.http.services.${name}.loadbalancer.server.port" = "8096";
            };

            extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
                "--device=nvidia.com/gpu=all"
                "--ip=192.168.101.21"
            ];

            environment = {
                JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
            };
        };

        systemd.services."docker-jellyfin" = {
            serviceConfig = {
                Restart = lib.mkOverride 90 "always";
                RestartMaxDelaySec = lib.mkOverride 90 "1m";
                RestartSec = lib.mkOverride 90 "100ms";
                RestartSteps = lib.mkOverride 90 9;
            };
            after = [
                "docker-network-setup.service"
                "docker-volume-jellyfin-config.service" 
                "docker-volume-jellyfin-cache.service" 
            ];
            requires = [
                "docker-network-setup.service"
                "docker-volume-jellyfin-config.service" 
                "docker-volume-jellyfin-cache.service" 
            ];
            partOf = [
                "docker-compose-jellyfin-root.target"
            ];
            wantedBy = [
                "docker-compose-jellyfin-root.target"
            ];
        };

        systemd.services."docker-volume-jellyfin-config" = {
            path = [ pkgs.docker ];
            serviceConfig = {
                Type = "oneshot";
                RemainAfterExit = true;
            };
            script = ''
                docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
                '';
            partOf = [ "docker-compose-jellyfin-root.target" ];
            wantedBy = [ "docker-compose-jellyfin-root.target" ];
        };
        
        systemd.services."docker-volume-jellyfin-cache" = {
            path = [ pkgs.docker ];
            serviceConfig = {
                Type = "oneshot";
                RemainAfterExit = true;
            };
            script = ''
                docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
                '';
            partOf = [ "docker-compose-jellyfin-root.target" ];
            wantedBy = [ "docker-compose-jellyfin-root.target" ];
        };

        systemd.targets."docker-compose-jellyfin-root" = {
            wantedBy = [ "multi-user.target" ];
        };

    };
}