{ pkgs, src, ... }:

let
  app = pkgs.poetry2nix.mkPoetryApplication {
    projectDir = src;
    python = pkgs.python310;
    overrides = pkgs.poetry2nix.overrides.withDefaults (self: super: {
      click-didyoumean = super.click-didyoumean.overridePythonAttrs (old: {
        nativeBuildInputs = (old.nativeBuildInputs or []) ++ [ self.poetry ];
      });
      xmlsec = super.xmlsec.overridePythonAttrs (old: {
        nativeBuildInputs = (old.nativeBuildInputs or []) ++ [ self.pkgconfig pkgs.pkg-config ];
        buildInputs = (old.buildInputs or []) ++ [ pkgs.xmlsec pkgs.libxslt pkgs.libxml2 pkgs.libtool ];
      });
      hatch-vcs = (super.hatch-vcs or (self.buildPythonPackage rec {
        pname = "hatch-vcs";
        version = "0.2.0";
        format = "pyproject";

        nativeBuildInputs = with self; [ hatchling ];
        propagatedBuildInputs = with self; [ hatchling setuptools-scm ];
        checkInputs = with self; [ pkgs.git pytestCheckHook ];

        src = self.fetchPypi {
          pname = "hatch_vcs";
          inherit version;
          sha256 = "1zxb12lrrl1n7ijcxl8mvv94lnhn6b52c1jx6jq9pv2fncrxf4wr";
        };
      }));
    });

    buildInputs = [ pkgs.bash ];

    postInstall = ''
      mkdir -p $out/share/authentik
      touch $out/share/authentik/__init__.py
      cp -r ${src}/xml $out/share/authentik/xml
      cp -r ${src}/lifecycle $out/share/authentik/lifecycle

      wrapProgram $out/bin/ak \
        --prefix PYTHONPATH ':' "$out/share/authentik"
    '';
  };
in
  app.dependencyEnv