{
  config,
  lib,
  ...
}: let
  inherit (import ./mk-container.nix {inherit lib config;}) mkContainer;
in {
  imports = [
    (mkContainer {
      name = "cyberchef";
      hostIp = "10.233.5.1";
      containerIp = "10.233.5.2";
      nixosConfig = {pkgs, ...}: {
        services.nginx = {
          enable = true;
          virtualHosts."cyberchef" = {
            root = "${pkgs.cyberchef}/share/cyberchef";
            listen = [
              {
                addr = "0.0.0.0";
                port = 8080;
              }
            ];
          };
        };
        networking.firewall.allowedTCPPorts = [8080];
        system.stateVersion = "24.05";
      };
    })
  ];

  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."cyberchef.${config.var.domain}" = "http://10.233.5.2:8080";
}