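{ config, options, lib, pkgs, stdenv, ... }:

# NixOS module running the Pleroma OTP release as a sandboxed systemd service.
#
# Configuration model:
#   * `services.pleroma.configs` holds the non-secret Elixir configuration
#     snippets. They are concatenated into /etc/pleroma/config.exs, which is
#     generated in the Nix store and is therefore world-readable.
#   * `services.pleroma.secretConfigFile` is `include`d from that generated file
#     when Pleroma starts, so it is the only place secrets (database password,
#     signing keys, ...) should live. It must be readable by
#     `services.pleroma.user`; the default location is inside the service's
#     0700 state directory.
let
  cfg = config.services.pleroma;
in
{
  options.services.pleroma = with lib; {
    enable = mkEnableOption "pleroma";

    package = mkOption {
      type = types.package;
      default = import ../default.nix { inherit pkgs; };
      description = "Pleroma package to use.";
    };

    user = mkOption {
      type = types.str;
      default = "pleroma";
      description = "User account under which pleroma runs.";
    };

    group = mkOption {
      type = types.str;
      default = "pleroma";
      description = "Group account under which pleroma runs.";
    };

    configs = mkOption {
      type = with types; listOf str;
      # The previous default was an empty *string*, which does not satisfy
      # `listOf str`: evaluation then failed with a type error before the
      # friendlier assertion below could explain what to do. An empty list is
      # the correct "nothing configured yet" value.
      default = [ ];
      description = ''
        Non-secret Pleroma configuration snippets, in Elixir `config` syntax.
        They are written, in order, to /etc/pleroma/config.exs.
        Do not put secrets here: the generated file lives in the world-readable
        Nix store. Use `secretConfigFile` for those.
      '';
    };

    secretConfigFile = mkOption {
      type = types.str;
      default = "/var/lib/pleroma/secrets.exs";
      description = "Path to the file containing your secret pleroma configuration.";
    };
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # Refuse to build a system whose Pleroma would start with no
        # configuration at all; point the user at the generator instead.
        assertion = (builtins.length cfg.configs) > 0;
        message = ''
          This is a brand new installation. In that case you can use
          `pleroma_ctl instance gen --output config.exs --output-psql setup.psql`,
          this will prompt you some questions and will generate both your config
          file and database initial migration.
          Note: `pleroma_ctl` will be in your system path as soon as you enable
          the pleroma service. You can alternatively build it by building this
          repo's `default.nix` derivation.
        '';
      }
    ];

    users = {
      users."${cfg.user}" = {
        description = "Pleroma user";
        home = "/var/lib/pleroma";
        # Dedicated service account: `isSystemUser` allocates the uid from the
        # system range, and `group` makes cfg.group the primary group so that
        # files Pleroma creates under its state directory belong to it (the
        # previous `extraGroups` alone left the primary group unset).
        isSystemUser = true;
        group = cfg.group;
      };
      groups."${cfg.group}" = { };
    };

    # Makes `pleroma_ctl` (and `pleroma`) available on the system path; the
    # assertion message above relies on this.
    environment.systemPackages = [ cfg.package ];

    # The generated config is a symlink into the Nix store, hence readable by
    # every local user. Only the secret file, included last, is private.
    # Snippets are joined with a newline so two snippets without a trailing
    # newline cannot be glued onto one line.
    environment.etc."pleroma/config.exs".text = ''
      ${lib.concatStringsSep "\n" cfg.configs}
      include "${cfg.secretConfigFile}"
    '';

    systemd.services.pleroma = {
      description = "Pleroma social network";
      after = [ "network-online.target" "postgresql.service" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        Type = "forking";
        # "~" is resolved by systemd to the home directory of `User`.
        WorkingDirectory = "~";
        # Created by systemd under /var/lib, owned by User/Group, mode 0700:
        # this is where the secret config file lives by default.
        StateDirectory = "pleroma pleroma/static pleroma/uploads";
        StateDirectoryMode = "700";

        # Checking the conf file is there then running the database
        # migration before each service start, just in case there are
        # some pending ones.
        #
        # It's sub-optimal as we'll always run this, even if pleroma
        # has not been updated. But the no-op process is pretty fast.
        # Better be safe than sorry migration-wise.
        #
        # The pre-start script is not prefixed with "+", so it runs under the
        # same unprivileged User/Group and sandbox as the service itself.
        ExecStartPre =
          let
            preScript = pkgs.writers.writeBashBin "pleromaStartPre" ''
              if [ ! -f "/etc/pleroma/config.exs" ]; then
                echo "ERROR: Missing pleroma config file at /etc/pleroma/config.exs"
                echo "Did you read https://git.alternativebit.fr/NinjaTrappeur/pleroma-otp-nixos/src/branch/master/readme.md#user-content-pleroma-configuration-management ?"
                exit 1
              fi
              ${cfg.package}/bin/pleroma_ctl migrate
            '';
          in
          "${preScript}/bin/pleromaStartPre";
        ExecStart = "${cfg.package}/bin/pleroma daemon";
        ExecStop = "${cfg.package}/bin/pleroma stop";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

        # Systemd sandboxing directives.
        # Taken from the upstream contrib systemd service at
        # pleroma/installation/pleroma.service
        PrivateTmp = true;
        ProtectHome = true;
        ProtectSystem = "full";
        PrivateDevices = false;
        NoNewPrivileges = true;
        CapabilityBoundingSet = "~CAP_SYS_ADMIN";
      };
    };
  };

  meta.maintainers = with lib.maintainers; [ ninjatrappeur ];
}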