{ pkgs, ... }:
{
  users.users = {
    memos = {
      isSystemUser = true;
      group = "memos";
    };
  };

  users.groups = {
    memos = { };
  };

  environment.systemPackages = [ pkgs.memos ];

  systemd.tmpfiles.settings = {
    memosDirs = {
      "/var/opt/memos".d = {
        mode = "700";
        user = "memos";
        group = "memos";
      };
    };
  };

  # systemd.services = {
  #   memos = {
  #     description = "Memos Note-taking Server";
  #     wantedBy = [ "multi-user.target" ];
  #     after = [ "network.target" ];
  #     serviceConfig = {
  #       Type = "simple";
  #       User = "memos";
  #       WorkingDirectory = "/var/opt/memos";
  #       ExecStart = "${pkgs.memos}/bin/memos --data /var/opt/memos --port 5230";
  #       Restart = "on-failure";
  #       TimeoutSec = 15;
  #     };
  #   };
  # };

  networking.firewall = {
    allowedTCPPorts = [ 5230 ];
  };
}