{
  lib,
  pkgs,
  config,
  ...
}:
let
  factorioVersion =
    version: sha:
    pkgs.factorio-headless.overrideAttrs (_: {
      inherit version;
      src = pkgs.fetchurl {
        url = "https://factorio.com/get-download/${version}/headless/linux64";
        name = "factorio-headless-${version}.tar.xz";
        sha256 = sha;
      };
    });
  getMods =
    modDir:
    let
      modList = lib.pipe modDir [
        builtins.readDir
        (lib.filterAttrs (k: v: v == "regular"))
        (lib.mapAttrsToList (k: v: k))
        (builtins.filter (lib.hasSuffix ".zip"))
      ];
      validPath =
        modFileName:
        builtins.path {
          path = modDir + "/${modFileName}";
          name = lib.strings.sanitizeDerivationName modFileName;
        };
      modToDrv =
        modFileName:
        pkgs.runCommand "copy-factorio-mods" { } ''
          mkdir $out
          ln -s '${validPath modFileName}' $out/'${modFileName}'
        ''
        // {
          deps = [ ];
        };
    in
    builtins.map modToDrv modList;
  factorioContainer = name: factorio-config: {
    "factorio-${name}" = {
      autoStart = true;
      bindMounts = {
        "/var/lib/factorio" = {
          hostPath = "/factorio/${name}";
          isReadOnly = false;
        };
        "/run/secrets" = {
          hostPath = "/run/secrets";
          isReadOnly = true;
        };
        "/etc/resolv.conf" = {
          hostPath = "/etc/resolv.conf";
          isReadOnly = true;
        };
      };
      privateUsers = "no";

      config =
        {
          config,
          pkgs,
          lib,
          ...
        }:
        {
          systemd.services.factorio.serviceConfig.User = "factorio";
          services.factorio = factorio-config // {
            enable = true;
            openFirewall = true;

            game-name = name;
            saveName = name;
            stateDirName = "factorio";
          };

          nixpkgs.config = {
            allowUnfree = true;
          };

          system.stateVersion = "23.11";

          networking = {
            firewall.enable = false;
          };
        };
    };
  };
in
{
  users.groups.factorio = { };
  users.users.factorio = {
    isSystemUser = true;
    group = "factorio";
    extraGroups = [ "storage" ];
  };

  sops.secrets.factorio = {
    sopsFile = ../../secrets/factorio.json;
    format = "json";
    key = "";
    owner = "factorio";
  };

  containers =
    factorioContainer "tawney" {
      autosave-interval = 20;
      admins = [
        "jonay2000"
        "computerdruid"
        "pineapple"
      ];
      extraSettingsFile = config.sops.secrets.factorio.path;
      # mods = getMods ../../factorio-mods/tawney;
      package = factorioVersion "2.0.69" "sha256-I1FHuz7WtfCmmTiTxskv3+U1upWrhmBG9R+GUoS1c0E=";
      port = 20001;
    }
    // factorioContainer "snek" {
      autosave-interval = 20;
      admins = [
        "jonay2000"
        "computerdruid"
        "pineapple"
        "koragendum"
      ];
      extraSettingsFile = config.sops.secrets.factorio.path;
      mods = getMods ../../factorio-mods/snek;
      package = factorioVersion "2.0.69" "sha256-I1FHuz7WtfCmmTiTxskv3+U1upWrhmBG9R+GUoS1c0E=";
      port = 20002;
    };
}