{
  config,
  pkgs,
  lib,
  clanCore,
  factsGenerator,
  components,
  inputs,
  ...
}:
let
  surrealdbPort = 8000;
in
{

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ surrealdbPort ];
  verify.closed.public.ports.surrealdb = [ surrealdbPort ];

  containers.surrealdb = {
    privateNetwork = false;
    autoStart = true;

    config =
      { config, lib, ... }:
      {
        nixpkgs.pkgs = pkgs;
        imports = [
          "${components}/monitor/container.nix"
          inputs.nix-topology.nixosModules.default
        ];
        system.stateVersion = "24.05";
        services.logrotate.checkConfig = false; # because uid 3000 does not exist in here

        # Photoprism
        # ----------
        services.surrealdb = {
          enable = true;
          host = "0.0.0.0";
          port = surrealdbPort;
          extraFlags = [
            "--auth"
            "--user"
            "root"
            "--pass"
            "root"
          ];
        };

      };
  };

}