{ lib, ... }: {
  name = "nixos-kittybox";

  nodes = {
    kittybox = { config, pkgs, lib, ... }: {
      imports = [ ../configuration.nix ];

      # TODO: figure out if we can get rid of Postgres here
      # even at the cost of Webmention functionality
      services.postgresql = {
        enable = true;
        ensureDatabases = ["kittybox"];
        ensureUsers = [ {
          name = "kittybox";
          ensurePermissions = {
            "DATABASE kittybox" = "ALL PRIVILEGES";
          };
        } ];
      };

      systemd.services.kittybox.wants = [ "postgresql.service" ];
      systemd.services.kittybox.after = [ "postgresql.service" ];
      systemd.services.kittybox.wantedBy = lib.mkForce [];

      services.kittybox = {
        enable = true;
        logLevel = "info,kittybox=debug,retainer::cache=warn,h2=warn,rustls=warn";
      };

      environment.systemPackages = with pkgs; [
        xh
      ];
    };
  };

  # TODO: Make e2e tests for authentication endpoints and such
  # Potentially using WebDriver
  # Could also be implemented with fantoccini
  testScript = ''
    kittybox.wait_for_unit("default.target")
    with subtest("Ensure that Kittybox service is socket activated..."):
        kittybox.fail("systemctl is-active kittybox.service")
        kittybox.succeed("systemctl is-active kittybox.socket")

    with subtest("Verify that Kittybox starts correctly..."):
        kittybox.succeed("xh --no-check-status http://localhost:8080/.kittybox/micropub")
        kittybox.succeed("systemctl is-active kittybox.service")

    with subtest("Onboarding should correctly work..."):
        kittybox.copy_from_host("${./onboarding.json}", "/root/onboarding.json")
        kittybox.succeed("xh --follow http://localhost:8080/.kittybox/onboarding -j @/root/onboarding.json")
        # Testing for a known string is the easiest way to determine that the onboarding worked
        kittybox.succeed("xh http://localhost:8080/ | grep 'vestige of the past long gone'")
'';
}