{ lib, pkgs, mediaStackPaths, ... }:
let
  configDir = mediaStackPaths.organizrDataDir;
in
{
  users.groups.organizr = { gid = 950; };
  users.users.organizr = {
    isSystemUser = true;
    uid = 950;
    group = "organizr";
  };

  systemd.tmpfiles.settings."r5500-organizr-config" = {
    "${configDir}"."d" = {
      mode = "0755";
      user = "organizr";
      group = "organizr";
    };
  };

  systemd.tmpfiles.settings."r5500-organizr-config-perms" = {
    "${configDir}"."Z" = {
      mode = "0755";
      user = "organizr";
      group = "organizr";
    };
  };

  systemd.services.docker-organizr.preStart = lib.mkBefore ''
    ${pkgs.coreutils}/bin/mkdir -p ${configDir}
    ${pkgs.coreutils}/bin/chown -R organizr:organizr ${configDir}
  '';

  virtualisation.oci-containers.containers.organizr = {
    image = "ghcr.io/organizr/organizr:latest";
    ports = [ "8888:80" ];
    volumes = [
      "${configDir}:/config"
    ];
    environment = {
      PUID = "950";
      PGID = "950";
      TZ = "America/Moncton";
    };
  };

  networking.firewall.allowedTCPPorts = [ 8888 ];
}