{ config, pkgs, lib, ... }:

with lib;

let
  dataDir = "/var/lib/mx-puppet-slack";
  registrationFile = "${dataDir}/slack-registration.yaml";
  cfg = config.services.mx-puppet-slack;
  settingsFormat = pkgs.formats.json {};
  settingsFile = settingsFormat.generate "mx-puppet-slack-config.json" cfg.settings;

in {
  options = {
    services.mx-puppet-slack = {
      enable = mkEnableOption (lib.mdDoc ''
        mx-puppet-slack is a slack puppeting bridge for matrix.
        It handles bridging private and group DMs
      '');

      package = mkOption {
        type = types.package;
        default = pkgs.callPackage ./pkgs/mx-puppet-slack.nix {};
        defaultText = "pkgs.mx-puppet-slack";
        example = "pkgs.mx-puppet-slack.override { … = …; }";
        description = lib.mdDoc ''
          Package of the application to run, exposed for overriding purposes.
        '';
      };

      settings = mkOption rec {
        apply = recursiveUpdate default;
        inherit (settingsFormat) type;
        default = {
          bridge = {
            port = 8432;
          };
          presence = {
            enabled = true;
            interval = 500;
          };
          provisioning.whitelist = [ ];

          # variables are preceded by a colon.
          namePatterns = {
            user = ":name";
            room = ":name[:team? - :team,]";
            group = ":name";
          };

          #defaults to sqlite but can be configured to use postgresql with
          #connstring
          database.filename = "${dataDir}/database.db";
          logging = {
            console = "info";
            lineDateFormat = "MMM-D HH:mm:ss.SSS";
          };
        };
        example = literalExpression ''
          {
            bridge = {
              bindAddress = "localhost";
              domain = "example.com";
              homeserverUrl = "https://example.com";
            };
            provisioning.whitelist = [ "@admin:example.com" ];
            relay.whitelist = [ "@.*:example.com" ];
          }
        '';
        description = lib.mdDoc ''
          {file}`config.yaml` configuration as a Nix attribute set.
          Configuration options should match those described in
          [
          sample.config.yaml](https://github.com/matrix-slack/mx-puppet-slack/blob/master/sample.config.yaml).
        '';
      };
      serviceDependencies = mkOption {
        type = with types; listOf str;
        default = optional config.services.matrix-synapse.enable "matrix-synapse.service";
        defaultText = literalExpression ''
          optional config.services.matrix-synapse.enable "matrix-synapse.service"
        '';
        description = lib.mdDoc ''
          List of Systemd services to require and wait for when starting the application service.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.mx-puppet-slack = {
      description = "Matrix to Slack puppeting bridge";

      wantedBy = [ "multi-user.target" ];
      wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
      after = [ "network-online.target" ] ++ cfg.serviceDependencies;

      preStart = ''
        # generate the appservice's registration file if absent
        if [ ! -f '${registrationFile}' ]; then
          ${cfg.package}/bin/mx-puppet-slack -r -c ${settingsFile} \
          -f ${registrationFile}
        fi
      '';

      serviceConfig = {
        Type = "simple";
        Restart = "always";

        ProtectSystem = "strict";
        ProtectHome = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectControlGroups = true;

        DynamicUser = true;
        PrivateTmp = true;
        WorkingDirectory = cfg.package;
        StateDirectory = baseNameOf dataDir;

        UMask = "0027";

        ExecStart = ''
          ${cfg.package}/bin/mx-puppet-slack \
            -c ${settingsFile} \
            -f ${registrationFile}
        '';
      };
    };
  };

  meta.maintainers = with maintainers; [ govanify ];
}