{
  config,
  lib,
  pkgs,
  ...
}:

with lib;
with types;
let
  cfg = config.services.taskwarrior-pushover;
  name = "taskwarrior-pushover";
in
{
  options.services.taskwarrior-pushover = {
    enable = mkEnableOption "taskwarrior pushover notification service";
    onCalendar = mkOption {
      type = str;
      default = "4:00:00";
    };
    recurrence = mkOption {
      type = enum [
        "on"
        "off"
      ];
      default = "off";
    };
    pushoverApiTokenFile = mkOption {
      type = path;
    };
    pushoverUserKeyFile = mkOption {
      type = path;
    };
    query = mkOption {
      type = str;
      default = "+PENDING and ( +ACTIVE or +DUETODAY or +TODAY or +OVERDUE )";
    };
    dataDir = mkOption {
      type = str;
      default = "tasks";
    };
    caFile = mkOption {
      type = path;
    };
    certificateFile = mkOption {
      type = path;
    };
    credentials = mkOption {
      type = str;
    };
    keyFile = mkOption {
      type = path;
    };
    server = mkOption {
      type = str;
    };
    tagLimitInTitle = mkOption {
      type = int;
      default = 10;
      description = "tag limit for title, TagsInTitle must be enabled for this to work";
    };
    tagsInTitle = mkOption {
      type = bool;
      default = true;
      description = "should tags be used for titles? (see tagLimitInTitle to limit the amount of tags)";
    };
  };

  config = mkIf cfg.enable {

    users.users.${name} = {
      isSystemUser = true;
      home = "/var/lib/${name}";
      group = name;
    };
    users.groups.${name} = { };

    systemd.services.taskwarrior-pushover = {
      enable = true;
      serviceConfig = {
        User = name;
        StateDirectory = name;
      };
      script =
        let
          taskwarriorCommand = pkgs.writers.writeDash "taskwarrior-push" ''
            ${pkgs.taskwarrior}/bin/task \
               rc:/var/lib/${name}/.taskrc \
               rc.data.location=/var/lib/${name}/${cfg.dataDir} \
               rc.recurrence=${cfg.recurrence}  \
               rc.taskd.ca=${cfg.caFile} \
               rc.taskd.certificate=${cfg.certificateFile} \
               rc.taskd.credentials="${cfg.credentials}" \
               rc.taskd.key=${cfg.keyFile} \
               rc.taskd.server=${cfg.server} \
               "$@"
          '';
          # tags as title
          title =
            if (cfg.tagsInTitle && (cfg.tagLimitInTitle > 0)) then
              ''(.tags | if . == null or . == [] then "taskwarrior" else [limit(${toString cfg.tagLimitInTitle};.[])] | join(",") end)''
            else
              ''"taskwarrior"'';
        in
        ''
          if [ -d /var/lib/${name}/${cfg.dataDir} ]
          then
            echo "synchronize ${cfg.dataDir}"
            ${taskwarriorCommand} sync
          else
            echo "initialize ${cfg.dataDir}"
            ${pkgs.coreutils}/bin/yes | ${taskwarriorCommand} sync init
          fi

          ${taskwarriorCommand} '${cfg.query}' export \
          | ${pkgs.jq}/bin/jq -r '.[] | @base64' | while read entry
          do
           echo $entry | base64 --decode | \
             ${pkgs.jq}/bin/jq '
              {
               "token": "'`cat ${cfg.pushoverApiTokenFile}`'",
               "user": "'`cat ${cfg.pushoverUserKeyFile}`'",
               title: ${title},
               message: .description
             }' \
             | ${pkgs.curl}/bin/curl -sS -X POST -H 'Content-Type: application/json' -d @- \
             "https://api.pushover.net/1/messages.json"
          done

          if [[ ${cfg.recurrence} -eq on ]]
          then
            ${taskwarriorCommand} sync
          fi
        '';
    };
    systemd.timers.taskwarrior-pushover = {
      enable = true;
      timerConfig.OnCalendar = cfg.onCalendar;
      wantedBy = [ "multi-user.target" ];
    };
  };

}