{config, ...}: let
  vars = import ../../../../vars.nix;
in {
  # Register the Arion project named "auth"; its settings are imported from
  # the arion-compose.nix file that sits next to this module.
  virtualisation.arion.projects.auth.settings.imports = [./arion-compose.nix];

  # sops-managed secrets for the auth stack. Each decrypted secret is owned by
  # vars.user; no mode is set here, so the sops-nix default file mode applies.
  # These names are referenced through config.sops.placeholder by the env-file
  # templates in this module.
  sops.secrets."auth/postgres_db".owner = vars.user;
  sops.secrets."auth/postgres_user".owner = vars.user;
  sops.secrets."auth/postgres_pw".owner = vars.user;
  sops.secrets."auth/authentik_secret_key".owner = vars.user;

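  # Rendered env file holding the PostgreSQL credentials for the auth stack.
  # sops-nix substitutes the placeholders with the decrypted secret values when
  # it renders the template, so the file at `path` contains them in cleartext.
  sops.templates."auth-postgres.env" = {
    path = "/home/${vars.user}/.docker/auth/postgres.env";
    owner = vars.user;
    # Owner read-only. The previous "0775" made the database password readable
    # by every local account and also marked the file executable and
    # group-writable, none of which an env file needs.
    # NOTE(review): if the process that loads this file runs as neither
    # vars.user nor root, grant access with a dedicated `group` and "0440"
    # rather than reopening the file to "other".
    mode = "0400";
    # NOTE(review): values are wrapped in double quotes; confirm that whatever
    # loads this file (not visible in this module) strips them instead of
    # passing the quotes through as part of the credential.
    content = ''
      POSTGRES_PASSWORD="${config.sops.placeholder."auth/postgres_pw"}"
      POSTGRES_USER="${config.sops.placeholder."auth/postgres_user"}"
      POSTGRES_DB="${config.sops.placeholder."auth/postgres_db"}"
    '';
  };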

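  # Rendered env file for authentik: the PostgreSQL credentials plus
  # AUTHENTIK_SECRET_KEY. sops-nix substitutes the placeholders with the
  # decrypted secret values when it renders the template, so the file at
  # `path` contains them in cleartext.
  sops.templates."auth-authentik.env" = {
    path = "/home/${vars.user}/.docker/auth/authentik.env";
    owner = vars.user;
    # Owner read-only. The previous "0775" exposed the database password and
    # the authentik secret key to every local account, and also marked the file
    # executable and group-writable, none of which an env file needs.
    # NOTE(review): if the process that loads this file runs as neither
    # vars.user nor root, grant access with a dedicated `group` and "0440"
    # rather than reopening the file to "other".
    mode = "0400";
    # NOTE(review): values are wrapped in double quotes; confirm that whatever
    # loads this file (not visible in this module) strips them instead of
    # passing the quotes through as part of the credential.
    content = ''
      AUTHENTIK_POSTGRESQL__PASSWORD="${config.sops.placeholder."auth/postgres_pw"}"
      AUTHENTIK_POSTGRESQL__USER="${config.sops.placeholder."auth/postgres_user"}"
      AUTHENTIK_POSTGRESQL__NAME="${config.sops.placeholder."auth/postgres_db"}"
      AUTHENTIK_SECRET_KEY="${config.sops.placeholder."auth/authentik_secret_key"}"
    '';
  };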
}