{
  pkgs,
  inputs,
  ...
}:
{
  networking.firewall.allowedTCPPorts = [
    8069
  ];
  systemd.services.contact-api = {
    description = "Contact Database API with Frontend";
    after = [
      "postgresql.service"
      "network.target"
    ];
    requires = [ "postgresql.service" ];
    wantedBy = [ "multi-user.target" ];

    environment = {
      PYTHONPATH = "${inputs.self}";
      POSTGRES_DB = "richie";
      POSTGRES_HOST = "/run/postgresql";
      POSTGRES_USER = "richie";
      FRONTEND_DIR = "/home/richie/dotfiles/frontend/dist/";
    };

    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.my_python}/bin/fastapi run ${inputs.self}/python/api/contact_api.py --port 8069";
      Restart = "on-failure";
      RestartSec = "5s";
      StandardOutput = "journal";
      StandardError = "journal";
      # Security hardening
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = "read-only";
      PrivateTmp = true;
      ReadOnlyPaths = [
        "${inputs.self}"
        "/home/richie/dotfiles/frontend/dist/"
      ];
    };
  };
}