{
  config,
  pkgs,
  lib,
  ...
}: let
  cfg = config.services.vm_netbox;
in {
  options.services.vm_netbox = {
    enable = lib.mkEnableOption "Enable minimal config";
    pgsql_ip = lib.mkOption {
      type = lib.types.str;
      description = "Netbox database IP address";
    };
  };
  config = lib.mkIf cfg.enable {
    age.secrets.netbox-lapi-key = {
        file = ../../secrets/netbox-lapi-key.age;
        owner = "crowdsec";
      };
    };
    services = {
      crowdsec = {
        settings.lapi.credentialsFile = "${config.age.secrets.netbox-lapi-key.path}";
        localConfig = {
          acquisitions = [
            {
              source = "journalctl";
              journalctl_filter = [ "_SYSTEMD_UNIT=netbox.service" ];
              labels = {
                type = "syslog";
              };
            }
          ];
        };
      };
      netbox = {
        enable = true;
        package = pkgs.netbox_3_7;
        port = 8001;
      };
    };
    networking.firewall.allowedTCPPorts = [8001];
  };
}