{self, ...}: {
  flake.nixosModules.seerr = {
    config,
    lib,
    pkgs,
    ...
  }: {
    imports = [
      self.nixosModules.hostOptions
    ];

    services.seerr = {
      enable = true;
      openFirewall = false;
      configDir = "${config.hostOptions.server.dataPath}/seerr";
      port = 5055;
    };

    users.users.seerr = {
      isSystemUser = true;
      group = "seerr";
    };

    users.groups.seerr = {};
    systemd.services.seerr.serviceConfig = {
      DynamicUser = lib.mkForce false;
      User = lib.mkForce "seerr";
      Group = lib.mkForce "seerr";
      ReadWritePaths = ["${config.hostOptions.server.dataPath}/seerr"];
      ExecStart = lib.mkForce "${pkgs.seerr}/bin/seerr";
    };

    services.nginx.virtualHosts."seerr.${config.hostOptions.server.domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://127.0.0.1:5055";
      locations."/".proxyWebSockets = true;
    };
  };
}