{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.gotify;
in {
  options.nixfiles.modules.gotify = {
    enable = mkEnableOption "Whether to enable Gotify.";

    domain = mkOption {
      description = "Domain name sans protocol scheme.";
      type = with types; str;
      default = "gotify.${config.networking.domain}";
    };
  };

  config = let
    db = "gotify";
  in
    mkIf cfg.enable {
      nixfiles.modules = {
        nginx = {
          enable = true;
          virtualHosts.${cfg.domain} = {
            locations."/" = {
              proxyPass = "http://127.0.0.1:${toString config.services.gotify.port}";
              proxyWebsockets = true;
            };
          };
        };
        postgresql.enable = true;
      };

      services = {
        gotify = {
          enable = true;
          port = 7665;
        };

        postgresql = {
          ensureDatabases = [db];
          ensureUsers = [
            {
              name = db;
              ensurePermissions."DATABASE \"${db}\"" = "ALL PRIVILEGES";
            }
          ];
        };
      };

      systemd.services.gotify-server = {
        after = ["network-online.target" "postgresql.service"];
        environment = {
          GOTIFY_DATABASE_DIALECT = "postgres";
          GOTIFY_DATABASE_CONNECTION = concatStringsSep " " [
            "host=/run/postgresql"
            "user=${db}"
            "dbname=${db}"
            "sslmode=disable"
          ];
        };
      };
    };
}