# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ lib, config, ... }:
let
  inherit (lib) mkOption types mkAfter mkIf mkDefault;
  robCfg = config.services.zfs.rollbackOnBoot;
in
{
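  # Options controlling the "roll the root dataset back on every boot" setup.
  # Each option now carries a description so it shows up in generated option
  # documentation; types and defaults are unchanged.
  options.services.zfs.rollbackOnBoot = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to run `zfs rollback -r` against `snapshot` from the initrd
        on every boot. Rolling back discards everything written to that
        dataset since the snapshot was taken.
      '';
    };
    snapshot = mkOption {
      type = types.str;
      default = "zpool/local/root@blank";
      description = ''
        Snapshot, in `dataset@name` form, that is passed to
        `zfs rollback -r` during early boot.
      '';
    };
    keepPaths = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = ''
        Absolute paths for which a systemd-tmpfiles symlink rule is
        generated, pointing each path at the same path below `/persist`.
      '';
    };
  };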

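  config = {
    # NOTE(review): the ZFS settings and the tmpfiles rules below are applied
    # whether or not rollbackOnBoot.enable is set; only the initrd rollback and
    # the vault default are gated on it.
    boot.supportedFilesystems = [ "zfs" ];
    boot.zfs.devNodes = "/dev/disk/by-partuuid";
    services.zfs.autoScrub.enable = true;
    services.zfs.autoSnapshot = {
      enable = true;
      monthly = 1;
    };

    # One tmpfiles "L" (symlink) rule per kept path: <path> -> /persist<path>.
    # Fix: the target used to read "/persist{x}" (missing "$"), so every rule
    # pointed at the literal path "/persist{x}" instead of the persisted copy.
    # Entries are expected to be absolute paths so the concatenation yields
    # "/persist/...". tmpfiles fields are whitespace-separated, so a path
    # containing whitespace would presumably need escaping; verify before use.
    systemd.tmpfiles.rules = mkAfter (builtins.map (x: "L ${x} - - - - /persist${x}") robCfg.keepPaths);

    # Runs in the initrd after devices are available (mkAfter orders it behind
    # other postDeviceCommands). "-r" also destroys any snapshots newer than
    # the target, so later snapshots of this dataset do not survive a reboot.
    # Anything written to the rolled-back dataset since the snapshot is
    # discarded as well; state that must outlive a boot (logs and audit data
    # included) has to live elsewhere, e.g. under /persist.
    # The snapshot name is shell-quoted so that a name containing spaces or
    # shell metacharacters is passed to zfs as a single literal argument.
    boot.initrd.postDeviceCommands = mkIf robCfg.enable
      (mkAfter ''
        zfs rollback -r ${lib.escapeShellArg robCfg.snapshot}
      '');

    # my.vault.bindMountStateTo is declared outside this file. mkDefault lets a
    # host override the location; by default vault-agent state is kept below
    # /persist when rollback is enabled.
    my.vault.bindMountStateTo = mkIf robCfg.enable (mkDefault "/persist/var/lib/vault-agent");
  };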
}