{
  pkgs,
  config,
  ...
}: {
  users.users.ory-hydra = {
    group = "ory-hydra";
    isSystemUser = true;
  };
  users.groups.ory-hydra = {};

  systemd.services.ory-hydra = {
    wantedBy = ["multi-user.target"];
    after = ["network.target"];
    serviceConfig = {
      Description = "Ory Hydra OIDC Server";
      ExecStart = "${pkgs.my-pkgs.ory-hydra}/bin/hydra -c /run/agenix/hydra.yml serve";
      Restart = "on-failure";
      RestartSec = "5s";
      User = "ory-hydra";
      Group = "ory-hydra";
      Type = "notify";
      TimeoutStartSec = 0;
      StartLimitIntervalSec = 0;
      ReadWriteDirectories = "/run/agenix";
      EnvironmentFile = "/run/agenix/ory-hydra-vars";
    };
  };
}