{
  config,
  lib,
  ...
}: let
  serviceName = "outline";
  portUtils = import ../../../lib/port-utils.nix {inherit lib;};
  servicePort = portUtils.getPort serviceName "AZ-CLD-1";
in {
  services.${serviceName} = {
    enable = true;
    port = servicePort;
    publicUrl = "https://wiki.az-gruppe.com";
    databaseUrl = "postgresql://outline:outline@127.0.0.1:5432/outline";
    storage = {
      storageType = "s3";
      region = "eu-central";
      uploadBucketUrl = "https://nbg1.your-objectstorage.com";
      uploadBucketName = "az-wiki";
      secretKeyFile = config.age.secrets.hetzner-s3-az-intern-secret-key.path;
      accessKey = "CRT7V4HR5CG9NHICD2WW";
    };
  };

  systemd.services.${serviceName}.serviceConfig = {
    EnvironmentFile = config.age.secrets.outline-env.path;
  };

  # Traefik configuration
  services.traefik.dynamicConfigOptions.http = {
    services.${serviceName}.loadBalancer.servers = [
      {
        url = "http://localhost:${toString servicePort}/";
      }
    ];

    routers.${serviceName} = {
      rule = "Host(`wiki.az-gruppe.com`)";
      tls = {
        certResolver = "ionos";
      };
      service = serviceName;
      entrypoints = "websecure";
    };
  };
}