{
  config,
  lib,
  ...
}: let
  serviceName = "ntfy-sh";
  portUtils = import ../../../lib/port-utils.nix {inherit lib;};
  servicePort = portUtils.getPort "ntfy-sh" "AZ-CLD-1";
in {
  services.${serviceName} = {
    enable = true;
    settings = {
      base-url = "https://ping.az-gruppe.com";
      listen-http = ":${toString servicePort}";
      auth-file = "/var/lib/ntfy-sh/user.db";
      auth-default-access = "deny-all";
    };
  };

  # Traefik configuration
  services.traefik.dynamicConfigOptions.http = {
    services.${serviceName}.loadBalancer.servers = [
      {
        url = "http://localhost:${toString servicePort}/";
      }
    ];

    routers.${serviceName} = {
      rule = "Host(`ping.az-gruppe.com`)";
      tls = {
        certResolver = "ionos";
      };
      service = serviceName;
      entrypoints = "websecure";
    };
  };
}