{ pkgs, goserver, pythonapp, docs, webui, version, src, ... }:

pkgs.stdenv.mkDerivation {
  pname = "authentik-server";
  inherit version src;

  dontBuild = true;

  nativeBuildInputs = [ pkgs.makeWrapper ];

  installPhase = ''
    runHook preInstall

    mkdir $out

    mkdir $out/bin
    ln -s ${pythonapp}/bin/ak $out/bin/ak

    mkdir $out/share
    mkdir $out/share/authentik
    cp -R ${pythonapp}/share/authentik/* $out/share/authentik
    chmod -R u+w $out/share/authentik
    mkdir $out/share/authentik/web
    ln -s ${webui}/dist $out/share/authentik/web/dist
    mkdir $out/share/authentik/website
    ln -s ${docs} $out/share/authentik/website/help

    ln -s /etc/authentik/authentik.yml $out/share/local.env.yml

    makeWrapper ${goserver}/bin/server $out/bin/authentik-server \
      --chdir "$out/share/authentik" \
      --prefix PATH : "${pythonapp}/bin" \
      --prefix PYTHONPATH : "$out/share/authentik"

    makeWrapper ${pythonapp}/bin/django-admin $out/bin/authentik-django-admin \
      --set DJANGO_SETTINGS_MODULE authentik.root.settings \
      --prefix PYTHONPATH : "$out/share/authentik"
    cat <<EOF >$out/share/authentik/manage.py
    #! ${pythonapp}/bin/python
    import os, sys
    if __name__ == '__main__':
        args = list(sys.argv)
        if 'runserver' in args:
            args.append('--noreload')
        os.execv("$out/bin/authentik-django-admin", args)
    EOF
    chmod +x $out/share/authentik/manage.py

    makeWrapper ${pythonapp}/bin/celery $out/bin/authentik-celery \
      --set DJANGO_SETTINGS_MODULE authentik.root.settings \
      --prefix PYTHONPATH : "$out/share/authentik"

    runHook postInstall
  '';
}