{
  config,
  pkgs,
  ...
}:

let
  vars = import ./vars.nix;
  basePath = "${vars.primary_minio}/garage";
in
{
  services.garage = {
    enable = true;
    package = pkgs.garage;
    logLevel = "info";
    settings = {
      metadata_dir = "${basePath}/meta";
      data_dir = "${basePath}/data";
      db_engine = "sqlite";
      replication_factor = 1;

      rpc_bind_addr = "127.0.0.1:8504";
      rpc_public_addr = "127.0.0.1:8504";
      rpc_secret_file = config.sops.secrets."garage/rpc-secret".path;

      s3_api = {
        api_bind_addr = "127.0.0.1:8502";
        s3_region = "us-east-1";
        root_domain = ".s3.nayeonie.com";
      };

      admin = {
        api_bind_addr = "127.0.0.1:8503";
        admin_token_file = config.sops.secrets."garage/admin-token".path;
      };
    };
  };

  systemd.tmpfiles.rules = [
    "d ${basePath}/meta 0750 garage garage -"
    "d ${basePath}/data 0750 garage garage -"
  ];

  sops.secrets = {
    "garage/rpc-secret" = { };
    "garage/admin-token" = { };
  };
}