{
  lib,
  pkgs,
  config,
  ...
}:
let
  inherit (lib) mkIf mkOption mkEnableOption;
  inherit (lib.types) port bool str;
  cfg = config.modules.container.kitchenowl;
in
{
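  # Option interface for the kitchenowl container module.
  options.modules.container.kitchenowl = {
    enable = mkEnableOption "kitchenowl container";
    port = mkOption {
      type = port;
      default = 82;
      description = "Host TCP port forwarded to port 8080 of the kitchenowl container.";
    };
    openFirewall = mkOption {
      type = bool;
      default = false;
      description = "Whether to add the configured port to networking.firewall.allowedTCPPorts.";
    };
    version = mkOption {
      type = str;
      default = "latest";
      description = ''
        Tag of the tombursch/kitchenowl image to run. The default "latest" is
        a mutable tag, so the image that is actually pulled can change between
        deployments; set a specific release tag for reproducible, reviewable
        updates.
      '';
    };
    environmentFiles = mkOption {
      type = lib.types.listOf lib.types.path;
      default = [ ];
      description = ''
        Environment files passed to the container. At least one of them must
        define JWT_SECRET_KEY. Give the path as a string pointing at a file
        that lives outside the Nix store (for example one provisioned by a
        secrets manager), because anything copied into the store is readable
        by every local user. While this list is empty the module falls back to
        the placeholder key and emits an evaluation warning.
      '';
    };
  };

  config = mkIf cfg.enable {
    modules.container.enable = true;

    # The placeholder key below is public (it is part of this module), and any
    # value written to `environment` also ends up in the world-readable Nix
    # store. JWT_SECRET_KEY is presumably the key the backend signs its tokens
    # with, so a known value would let anyone mint tokens it accepts.
    warnings = lib.optional (cfg.environmentFiles == [ ]) ''
      modules.container.kitchenowl: JWT_SECRET_KEY is set to the placeholder value shipped with this module. Set modules.container.kitchenowl.environmentFiles to a file outside the Nix store that defines JWT_SECRET_KEY.
    '';

    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];

    virtualisation.oci-containers.containers."kitchenowl-back" = {
      # NOTE(review): the image name carries no registry host, so resolution
      # depends on the host's container registry configuration; confirm it
      # resolves to the intended registry.
      image = "tombursch/kitchenowl:${toString cfg.version}";
      # Kept only as a backward-compatible fallback; dropped as soon as an
      # environment file is supplied so the placeholder cannot shadow the
      # real key.
      environment = lib.optionalAttrs (cfg.environmentFiles == [ ]) {
        "JWT_SECRET_KEY" = "PLEASE_CHANGE_ME";
      };
      environmentFiles = cfg.environmentFiles;
      volumes = [
        "kitchenowl_kitchenowl_data:/data:rw"
      ];
      # No host address is given, so the port is published on every host
      # interface.
      ports = [
        "${toString cfg.port}:8080/tcp"
      ];
      log-driver = "journald";
      extraOptions = [
        "--network-alias=back"
        "--network=kitchenowl_default"
      ];
    };
    # Ties the container unit to the network and volume units below.
    systemd.services."podman-kitchenowl-back" = {
      serviceConfig = {
        # Priority 500 wins over mkDefault and yields to a plain definition.
        Restart = lib.mkOverride 500 "always";
      };
      after = [
        "podman-network-kitchenowl_default.service"
        "podman-volume-kitchenowl_kitchenowl_data.service"
      ];
      requires = [
        "podman-network-kitchenowl_default.service"
        "podman-volume-kitchenowl_kitchenowl_data.service"
      ];
      partOf = [
        "podman-compose-kitchenowl-root.target"
      ];
      wantedBy = [
        "podman-compose-kitchenowl-root.target"
      ];
    };

    # Networks
    # Creates the network if it does not exist yet; removes it on stop.
    systemd.services."podman-network-kitchenowl_default" = {
      path = [ pkgs.podman ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
        ExecStop = "podman network rm -f kitchenowl_default";
      };
      script = ''
        podman network inspect kitchenowl_default || podman network create kitchenowl_default
      '';
      partOf = [ "podman-compose-kitchenowl-root.target" ];
      wantedBy = [ "podman-compose-kitchenowl-root.target" ];
    };

    # Volumes
    # Creates the data volume if it does not exist yet. There is no ExecStop,
    # so stopping the unit leaves the volume and its data in place.
    systemd.services."podman-volume-kitchenowl_kitchenowl_data" = {
      path = [ pkgs.podman ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
      };
      script = ''
        podman volume inspect kitchenowl_kitchenowl_data || podman volume create kitchenowl_kitchenowl_data
      '';
      partOf = [ "podman-compose-kitchenowl-root.target" ];
      wantedBy = [ "podman-compose-kitchenowl-root.target" ];
    };

    # Root service
    # When started, this will automatically create all resources and start
    # the containers. When stopped, this will teardown all resources.
    systemd.targets."podman-compose-kitchenowl-root" = {
      unitConfig = {
        Description = "Root target generated by compose2nix.";
      };
      wantedBy = [ "multi-user.target" ];
    };
  };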
}