{ config, pkgs, ... }@all: with all; {
  imports = [ inputs.copyparty.nixosModules.default ];
  config = {
    sops.secrets."nx2site/copyparty/user-password/${hyper.user}".owner = "copyparty";
    environment.systemPackages = with pkgs; [ copyparty ];
    services.copyparty = {
      enable = true;
      package = pkgs.copyparty;
      openFilesLimit = 8192;
      settings = {

        p = [ 3210 3211 ];
        i = [ "0.0.0.0" "unix:770:copyparty:/dev/shm/party.sock" ];
        name = "NxCopyParty";

        ignored-flag = false;
        no-reload = true;
        no-robots = true;

        rproxy = 1;
        xff-hdr = "X-Forwarded-For"; # so that cpp knows the real client ip behind nginx. Must match with nginx config

        shr = "/shares";
        css-browser = "https://${hyper.domain}/copyparty/extra-browser.css";
        theme = 6;
      };
      accounts = {
        "${hyper.user}" = {
          passwordFile = config.sops.secrets."nx2site/copyparty/user-password/${hyper.user}".path;
        };
      };
      volumes = {
        "/" = {
          path = "/srv/copyparty/root";
          access = {
            "A" = "${hyper.user}";
          };
          flags = {
            fk = 4; # url password length
            scan = 60; # scan interval in seconds 
            e2d = true; # volflag "e2d" enables the uploads database
            d2t = true; # "d2t" disables multimedia parsers (in case the uploads are malicious)
            nohash = "\.iso$"; # skips hashing file contents if path matches *.iso
          };
        };
      };
    };
  };
}