{
  config,
  ...
}:
let
  name = "panel";
in
{
  imports = [
    (import ../../../panel { }).module
  ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "beheer@procolix.com";
  };

  age.secrets.panel-ssh-key = {
    owner = name;
    mode = "400";
  };

  programs.ssh.startAgent = true;

  home-manager = {
    users.${name}.home = {
      stateVersion = "25.05";
      file.".ssh/config" = {
        text = ''
          IdentityFile ${config.age.secrets.panel-ssh-key.path}
        '';
      };
    };
  };

  services.${name} = {
    enable = true;
    production = true;
    domain = "demo.fediversity.eu";
    # FIXME: make it work without this duplication
    settings =
      let
        cfg = config.services.${name};
      in
      {
        STATIC_ROOT = "/var/lib/${name}/static";
        DEBUG = false;
        ALLOWED_HOSTS = [
          cfg.domain
          cfg.host
          "localhost"
          "[::1]"
        ];
        CSRF_TRUSTED_ORIGINS = [ "https://${cfg.domain}" ];
        COMPRESS_OFFLINE = true;
        LIBSASS_OUTPUT_STYLE = "compressed";
      };
    secrets = {
      SECRET_KEY = config.age.secrets.panel-secret-key.path;
    };
    port = 8000;
  };
}