{
  config,
  lib,
  ...
}:
with lib; let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.paperless;
in {
  imports = [
    ./container.nix
    ./nginx.nix
  ];

  options.pub-solar.paperless = {
    enable = mkEnableOption {default = false;};
    openFirewall = mkEnableOption (lib.mdDoc "opening of the relay port(s) in the firewall");

    domain = mkOption {
      type = types.str;
      default = "paperless.local";
    };

    path = mkOption {
      type = types.str;
      description = "Sets the path to listen on. Use empty string to listen on root.";
      default = "";
    };

    hostStateDir = mkOption {
      type = types.str;
      default = "/var/lib/paperless-container";
    };

    listenPort = mkOption {
      type = types.int;
      default = 80;
    };

    # ftp
    ftp = {
      enable = mkEnableOption (lib.mdDoc ''enable vsftpd ftp service'');
      listenPort = mkOption {
        type = types.int;
        default = 21;
      };
      pasvMinPort = mkOption {
        type = types.int;
        default = 20021;
      };
      pasvMaxPort = mkOption {
        type = types.int;
        default = 22021;
      };
    };

    # nextcloud
    nextcloud = {
      enable = mkEnableOption (lib.mdDoc ''enable backup to nextcloud'');
    };
  };

  config = mkIf cfg.enable {
    networking.firewall = {
      allowedTCPPorts = [
        cfg.listenPort
        cfg.ftp.listenPort
      ];

      allowedTCPPortRanges = [
        {
          from = cfg.ftp.pasvMinPort;
          to = cfg.ftp.pasvMaxPort;
        }
      ];
    };

  };
}