{ config, lib, perSystem, ... }:

let
  cfg = config.services.calapi;
  types = lib.types;
in
{
  options.services.calapi = {
    enable = lib.mkEnableOption "calapi";

    port = lib.mkOption {
      type = types.int;
      default = 8434;
    };

    proxy = lib.mkOption {
      type = types.enum [
        "nginx"
      ];
      default = null;
      example = "nginx";
    };

    nginx.virtualHost = lib.mkOption {
      example = lib.literalExpression ''
        {
          serverName = "survey.example.org";
          forceSSL = true;
          enableACME = true;
        }
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    users = {
      groups."calapi" = {};
      users."calapi" = {
        group = "calapi";
        isSystemUser = true;
      };
    };

    systemd.services.calapi = {
      enable = true;
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${perSystem.calapi.default}/bin/calapi --port ${toString cfg.port}";
        Type = "exec";
        User = "calapi";
      };
    };

    services.nginx.virtualHosts = lib.mkIf (cfg.proxy == "nginx") {
      "${cfg.nginx.virtualHost.serverName}" = lib.mkMerge [
        cfg.nginx.virtualHost
        {
          locations."/" = {
            proxyPass = "http://127.0.0.1:${toString cfg.port}/";
          };
        }
      ];
    };
  };
}