{
  config,
  pkgs,
  flake,
  ...
}:
let
  inherit (flake.config.machines.devices) ceres;
  inherit (flake.config.services.instances) comfyui web;
  inherit (flake.config.people) user0;
  service = comfyui;
  localhost = web.localhost.address1;
in
{
  nixpkgs.overlays = [
    flake.inputs.nix-comfyui.overlays.default
  ];

  services.comfyui = {
    enable = true;
    openFirewall = true;
    host = localhost;
    package = pkgs.comfyuiPackages.comfyui.override {
      extensions = with pkgs.comfyuiPackages.extensions; [
        acly-inpaint
        acly-tooling
        cubiq-ipadapter-plus
        fannovel16-controlnet-aux
      ];
      commandLineArgs = [
        "--preview-method"
        "auto"
      ];
    };
  };
  fileSystems."/var/lib/${service.name}" = {
    device = service.paths.path0;
    fsType = "none";
    options = [
      "bind"
    ];
    depends = [
      ceres.storage0.mount
    ];
  };

  systemd.tmpfiles.rules = [
    "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
  ];

  users.users.${service.name}.extraGroups = [
    "users"
  ];

  networking = {
    firewall = {
      allowedTCPPorts = [
        service.ports.port0
      ];
    };
  };
}