{ config, pkgs, lib, utils, flakeInputs, ... }:

with lib;

let
  copyBorg = flakeInputs.mach-nix.lib.${config.nixpkgs.system}.buildPythonPackage rec {
    pname = "copy-borg";
    src = ./copy;
    version = "0.0.0";
    ignoreDataOutdated = true;

    requirements = ''
      humanize
      tqdm
      python-dateutil
      xdg
      python-unshare
      pyprctl
      halo
    '';
    postInstall = ''
      wrapProgram $out/bin/copy_borg \
        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
    '';

    providers.python-unshare = "nixpkgs";
    overridesPre = [
      (self: super: { python-unshare = super.python-unshare.overrideAttrs (oldAttrs: { name = "python-unshare-0.2.1"; version = "0.2.1"; }); })
    ];

    # _.tomli.buildInputs.add = with pkgs."python3Packages"; [ flit-core ];
  };

  copyService = name: opts: nameValuePair "copy-borg@${utils.escapeSystemdPath name}" {
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${copyBorg}/bin/copy_borg --verbosity ${toString opts.verbosity} ${utils.escapeSystemdExecArgs [opts.from opts.to]}";
      TimeoutStartSec = "8h";
      # User = "borg";
      # Group = "borg";
      # StateDirectory = "borg";
      RuntimeDirectory = "copy-borg";
      Environment = [
        "BORG_BASE_DIR=/var/lib/borg"
        "BORG_CONFIG_DIR=/var/lib/borg/config"
        "BORG_CACHE_DIR=/var/lib/borg/cache"
        "BORG_SECURITY_DIR=/var/lib/borg/security"
        "BORG_KEYS_DIR=/var/lib/borg/keys"
      ]
      ++ optional opts.unknownUnencryptedRepoAccessOk "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
      ++ optional opts.hostnameIsUnique "BORG_HOSTNAME_IS_UNIQUE=yes"
      ++ optional (!(isNull opts.sshConfig)) "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" opts.sshConfig}\""
      ++ optional (!(isNull opts.keyfile)) "BORG_KEY_FILE=${opts.keyfile}";

      LogRateLimitIntervalSec = 0;
    };
  };
  copyTimer = name: opts: nameValuePair "copy-borg@${utils.escapeSystemdPath name}" (recursiveUpdate {
    wantedBy = [ "timers.target" ];

    timerConfig = {
      Unit = "copy-borg@${utils.escapeSystemdPath name}.service";
    };
  } opts.timerOptions);

  cfg = config.services.copyborg;
in {
  options = {
    services.copyborg = mkOption {
      type = types.attrsOf (types.submodule {
        options = {
          from = mkOption {
            type = types.str;
          };
          to = mkOption {
            type = types.str;
          };

          verbosity = mkOption {
            type = types.int;
            default = 3;
          };

          sshConfig = mkOption {
            type = with types; nullOr str;
            default = null;
          };

          keyfile = mkOption {
            type = with types; nullOr str;
            default = null;
          };

          unknownUnencryptedRepoAccessOk = mkOption {
            type = types.bool;
            default = false;
          };
          hostnameIsUnique = mkOption {
            type = types.bool;
            default = true;
          };

          timerOptions = mkOption {
            # type = types.submodule utils.systemdUtils.unitOptions.stage2TimerOptions;
            type = types.attrs;
            default = {
              wantedBy = ["timers.target"];
            };
          };
        };
      });
      default = {};
    };
  };

  config = {
    systemd.services = mapAttrs' copyService cfg;
    systemd.timers = mapAttrs' copyTimer cfg;
  };
}