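# NixOS module: for every user named in `services.notify-users`, compile a
# per-user `notify-<user>` program from notify-user.hs and expose it through
# `security.wrappers` as a setuid executable owned by that user.
#
# Security notes for reviewers:
#  - Each wrapper is setuid to the listed user and carries execute permission
#    for group and others, so any local account can run it with that user's
#    uid. notify-user.hs therefore has to treat its arguments and environment
#    as untrusted input.
#  - NOTE(review): no `group` is set on the wrappers; newer NixOS releases
#    require `group` alongside `owner` -- confirm against the target release.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.notify-users;

  # Build the notifier for one user. `userName` and `userHome` are passed as
  # derivation attributes so that substituteAllInPlace can fill them into the
  # source (presumably via @userName@ / @userHome@ placeholders in
  # notify-user.hs -- the Haskell file is not visible here).
  notify-user = userName: with pkgs; stdenv.mkDerivation {
    name = "notify-${userName}";
    src = ./notify-user.hs;
    phases = [ "unpackPhase" "buildPhase" "installPhase" ];

    # Work on a local copy; the store path in $src is not modified.
    unpackPhase = ''
      cp $src notify-user.hs
    '';

    inherit userName;
    userHome = config.users.users."${userName}".home;

    # Compile the substituted local copy. The previous command compiled $src,
    # i.e. the pristine store file, so the substitution above it had no effect
    # on the resulting binary.
    buildPhase = ''
      substituteAllInPlace notify-user.hs
      ${ghcWithPackages (p: with p; [ Glob process libnotify getopt-simple containers ])}/bin/ghc -odir . -hidir . notify-user.hs -o notify-${userName}
    '';

    installPhase = ''
      mkdir -p $out/bin
      install -m 755 -t $out/bin \
        notify-${userName}
    '';
  };
in
{
  options = {
    services.notify-users = mkOption {
      type = with types; listOf str;
      default = [];
      description = ''
        Users to install a notify-user script for
      '';
    };
  };

  config = mkIf (cfg != []) {
    # One setuid wrapper per configured user, named notify-<user>.
    security.wrappers = listToAttrs (map
      (user: nameValuePair "notify-${user}" {
        owner = user;
        setuid = true;
        setgid = false;
        # Owner may read and execute; group and others may execute only.
        permissions = "u+rx,g+x,o+x";
        source = "${notify-user user}/bin/notify-${user}";
      })
      cfg);
  };
}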