{ lib, ... }: {
  nixos.systems.object = {
    system = "x86_64-linux";
    nixpkgs = "mine";

    assignments = {
      internal = {
        name = "object-ctr";
        domain = lib.my.colony.domain;
        ipv4.address = "${lib.my.colony.start.ctrs.v4}7";
        ipv6 = {
          iid = "::7";
          address = "${lib.my.colony.start.ctrs.v6}7";
        };
      };
    };

    configuration = { lib, pkgs, config, assignments, ... }:
    let
      inherit (lib) mkMerge mkIf;
      inherit (lib.my) networkdAssignment;
    in
    {
      config = mkMerge [
        {
          my = {
            deploy.enable = false;
            server.enable = true;

            secrets = {
              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdHbZErWLmTPO/aEWB1Fup/aGMf31Un5Wk66FJwTz/8";
              files = {
                "object/minio.env" = {};
                "object/sharry.conf" = {
                  owner = "sharry";
                  group = "sharry";
                };
              };
            };

            firewall = {
              tcp.allowed = [ 9000 9001 config.services.sharry.config.bind.port ];
            };
          };

          systemd = {
            network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
            services = {
              minio = {
                environment = {
                  MINIO_ROOT_USER = "minioadmin";
                  MINIO_DOMAIN = "s3.nul.ie";
                  MINIO_SERVER_URL = "https://s3.nul.ie";
                  MINIO_BROWSER_REDIRECT_URL = "https://minio.nul.ie";
                };
              };
            };
          };

          services = {
            minio = {
              enable = true;
              region = "eu-central-1";
              browser = true;
              rootCredentialsFile = config.age.secrets."object/minio.env".path;
              dataDir = [ "/mnt/minio" ];

              # TODO: Migrate from fs to snsd backend!
              package = pkgs.minio_legacy_fs;
            };

            sharry = {
              enable = true;
              configOverridesFile = config.age.secrets."object/sharry.conf".path;

              config = {
                base-url = "https://share.${lib.my.pubDomain}";
                bind.address = "[::]";
                alias-member-enabled = true;
                webapp = {
                  chunk-size = "64M";
                };
                backend = {
                  auth = {
                    fixed = {
                      enabled = true;
                      user = "dev";
                    };
                    internal = {
                      enabled = true;
                      order = 50;
                    };
                  };
                  jdbc = {
                    url = "jdbc:postgresql://colony-psql:5432/sharry";
                    user = "sharry";
                  };
                  files = {
                    default-store = "minio";
                    stores = {
                      database.enabled = false;
                      minio = {
                        enabled = true;
                        type = "s3";
                        endpoint = "https://s3.nul.ie";
                        access-key = "share";
                        bucket = "share";
                      };
                    };
                  };
                  compute-checksum.parallel = 4;
                  signup.mode = "invite";
                  share = {
                    max-size = "128G";
                    max-validity = "3650 days";
                  };
                  mail = {
                    enabled = true;
                    smtp = {
                      host = "mail.nul.ie";
                      port = 587;
                      user = "sharry@nul.ie";
                      ssl-type = "starttls";
                      default-from = "Sharry <sharry@nul.ie>";
                      timeout = "30 seconds";
                    };
                  };
                };
              };
            };
          };
        }
        (mkIf config.my.build.isDevVM {
          virtualisation = {
            forwardPorts = [
              { from = "host"; host.port = 9000; guest.port = 9000; }
              { from = "host"; host.port = 9001; guest.port = 9001; }
              { from = "host"; guest.port = config.services.sharry.config.bind.port; }
            ];
          };
        })
      ];
    };
  };
}