# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

# TODO: support erbium-conftest, which is in erbium-core.

{ lib, pkgs, rebuilder, config, ... }:
let
  cfg = config.services.erbium;
  settingsFormat = pkgs.formats.json {};

  configFile = settingsFormat.generate "erbium.conf.json" cfg.settings;
in
{
  options.services.erbium = {
    enable = lib.mkEnableOption "erbium";

    package = lib.mkOption {
      type = lib.types.package;
    };

    settings = lib.mkOption {
      type = lib.types.submodule {
        freeformType = settingsFormat.type;
      };
      default = {};
      description = "Configuration for Erbium";
    };
  };

  config = lib.mkIf cfg.enable {
    environment.etc."erbium.conf".source = configFile;

    systemd.services.erbium = {
      description = "Erbium Network Services";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      restartTriggers = [ configFile ];

      serviceConfig = {
        ExecStart = "${cfg.package}/bin/erbium /etc/erbium.conf";
        Type = "simple";
        Restart = "always";
        DynamicUser = true;
        User = "erbium";
        Group = "erbium";
        AmbientCapabilities = [
          "CAP_NET_RAW"
          "CAP_NET_BIND_SERVICE"
        ];
        StateDirectory = "erbium";
        RuntimeDirectory = "erbium";
      };
    };
  };
}