{ lib, ... }:
let
  inherit (lib.lists) singleton;
  directory = "/opt/freshrss";
  port = "8888";
in
{
  systemd.tmpfiles.rules = builtins.map (x: "d ${x} 0755 share share - -") (singleton directory);

  virtualisation.oci-containers.containers.freshrss = {
    image = "freshrss/freshrss:latest";
    autoStart = true;
    ports = singleton "${port}:80";
    volumes = [
      "${directory}/data:/var/www/FreshRSS/data"
      "${directory}/extensions:/var/www/FreshRSS/extensions"
    ];
    environment = {
      TZ = "America/Detroit";
      CRON_MIN = "*/20";
    };
  };

  services.caddy.virtualHosts."fresh.brownbread.net".extraConfig = ''
    encode zstd gzip
    reverse_proxy http://localhost:${port}
  '';
}