# NixOS module that runs a Lektor site from a git checkout as a systemd service.
# It declares the `services.lektor.*` options and, when enabled, creates a system
# user and a unit that installs an SSH key, clones the repository and starts
# `lektor server`.
# NOTE(review): the `let` that pairs with `in` below, and the closing `'';` / `};`
# delimiters throughout the module, are not visible in this listing — restore
# them from the original file before evaluating it.
{ config, lib, pkgs, ... }:

with lib;


  # Shorthand for this module's option values.
  cfg = config.services.lektor;

in {

  # Options exposed under `services.lektor`.
  # The string options (user, home, repository, host, bind, sshKey) are spliced
  # unquoted into the shell scripts and the ssh config built in `config`, so they
  # must not contain whitespace or shell metacharacters.
  options.services.lektor = {
    enable = mkEnableOption "enable services.lektor";
    # Account the unit runs as (`User=`). The same string names the checkout
    # directory inside the home (`~/<user>`), despite the wording of the
    # description.
    user = mkOption {
      default = "lektor";
      type = with types; str;
      description = ''
        name of the lektor service
    # Home directory of the account; `.ssh/config` is written below it.
    home = mkOption {
      default = "/home/${cfg.user}";
      type = with types; str;
      description = ''
        home of the service
    # URL handed to `git clone` in the pre-start step. No default, so it has to
    # be set whenever the service is enabled.
    repository = mkOption {
      type = with types; str;
      description = ''
        Repository to get the lektor project from.
      example = "git@github.com:lektor/lektor-website.git";
    # Passed as `--host` to `lektor server`.
    # NOTE(review): with the default empty string the generated command line has
    # `--host` followed by no value — confirm the intended default (a loopback
    # address would be the conservative choice).
    bind = mkOption {
      default = "";
      type = with types; str;
      description = ''
        Host to bind the lektor service to.
    # Key under `systemd.services` that the unit is registered as.
    serviceName = mkOption {
      default = "lektor";
      type = with types; str;
      description = ''
        name of the system service (without the .service suffix)
    # Passed as `--port` to `lektor server`.
    # NOTE(review): `types.int` accepts any integer; `types.port` would reject
    # values outside 0-65535 at evaluation time.
    port = mkOption {
      default = 5000;
      type = with types; int;
      description = ''
        Port to bind the lektor service to.
    # Optional hook that the start script runs as the service user after
    # `git pull` and before `lektor server`; a non-zero exit stops the start.
    # NOTE(review): the example's script line ends in `";`, which looks like
    # stray characters — confirm against the original.
    additionalScript = mkOption {
      default = null;
      type = with types; nullOr path;
      description = ''
        A script you can us as a hook before the lektor server start
        (for example to creat your css or javascript files)
      example = pkgs.writeShellScript "build" ''
        ${pkgs.nix}/bin/nix-shell --run build";
    #sshMatchBlocks = mkOption {
    #  default = [];
    #  type = with types; listOf attrs;
    #  description = ''
    #    a matchBlock from home-manager.users.<name>.programs.ssh.matchBlocks;
    #  '';
    # `Host` pattern in the generated ssh config; connections to it use the
    # installed identity file. Presumably the host part of `repository`.
    host = mkOption {
      type = with types; str;
      description = ''
        ssh host to pull from and push to
    # Path, given as a string, of the private key used for git over ssh.
    # The pre-start step copies it to /run/keys.lektor/id_rsa; nothing visible
    # in this module copies it into the home folder as the description says.
    # NOTE(review): keep the key file outside the Nix store. A key that reaches
    # the store (for example through an interpolated path literal) is readable
    # by every local user.
    sshKey = mkOption {
      type = with types; str;
      description = ''
        todo : avoid this, or make sure the home folder is crypted
        Warning the key will be copied into the home folder of the user
        ssh key to use

  # Everything below is only applied when `services.lektor.enable` is true.
  config = mkIf cfg.enable {

    # System account for the service, with its home directory created on
    # activation.
    users.users."${cfg.user}" = {
      home = cfg.home;
      createHome = true;
      isSystemUser = true;

    # Unit that prepares the checkout and runs the Lektor server, started at boot
    # via multi-user.target.
    systemd.services."${cfg.serviceName}" = {
      enable = true;
      wantedBy = [ "multi-user.target" ];

      # Hands the system-wide NIX_PATH to the unit, presumably so that a
      # `nix-shell` call in additionalScript can resolve <nixpkgs>.
      environment.NIX_PATH = config.environment.variables.NIX_PATH;
      serviceConfig = {
        # The start script and the `-` pre-start step run as this account.
        User = cfg.user;
        # todo : this is not working properly
        # NOTE(review): with no start timeout, a pre-start step that hangs
        # (e.g. a clone waiting on the network) keeps the unit in "activating"
        # indefinitely.
        TimeoutStartSec =
          "infinity"; # it might take some time until this thing is up

        # Two pre-start steps, listed after `in` below:
        #   "+" runs sshKeyScript with full privileges (root), ignoring User=;
        #   "-" runs cloneScript as the service user and ignores a failing exit.
        ExecStartPre = let

          # Where the private key is copied to.
          # NOTE(review): /run is normally a tmpfs, so the copy would not
          # survive a reboot — confirm for the target system.
          sshKeyTarget = "/run/keys.lektor/id_rsa";

          # ssh client config for the service user: cfg.host uses the copied key;
          # the `Host *` block turns off agent forwarding, compression and
          # connection multiplexing.
          # NOTE(review): nothing visible here provisions ~/.ssh/known_hosts, so
          # the first non-interactive connection relies on the host key being
          # trusted some other way. Pin it (e.g. `programs.ssh.knownHosts`)
          # rather than relaxing StrictHostKeyChecking.
          sshConfig = pkgs.writeText "sshconfig" ''
            Host ${cfg.host}
              IdentityFile ${sshKeyTarget}

            Host *
              ForwardAgent no
              Compression no
              ServerAliveInterval 0
              HashKnownHosts no
              UserKnownHostsFile ~/.ssh/known_hosts
              ControlMaster no
              ControlPath ~/.ssh/master-%r@%n:%p
              ControlPersist no

          # Runs as root. Creates ~/.ssh, installs the ssh config, then copies
          # the key into a directory that is already 0700, so the key's
          # transient permissions are shielded from other users.
          # `set -x` traces the commands (paths only), not the key contents.
          # NOTE(review): mode 500 is owner read+execute; the key and the config
          # only need read (400).
          # NOTE(review): root runs cp/chown on paths inside directories the
          # service user owns, and both follow symlinks by default. Consider
          # doing the copy as the service user, or using no-dereference variants
          # such as `chown -h`.
          sshKeyScript = pkgs.writers.writeDash "keyfile-gen" # sh
              set -x

              # setup ~/.ssh
              mkdir -p ${cfg.home}/.ssh
              chown ${cfg.user} ${cfg.home}/.ssh
              chmod 700 ${cfg.home}/.ssh

              cp ${sshConfig} ${cfg.home}/.ssh/config
              chown ${cfg.user} ${cfg.home}/.ssh/config
              chmod 500 ${cfg.home}/.ssh/config

              mkdir -p ${dirOf sshKeyTarget}
              chmod 700 ${dirOf sshKeyTarget}
              chown ${cfg.user} ${dirOf sshKeyTarget}
              cp ${toString cfg.sshKey} ${sshKeyTarget}
              chown ${cfg.user} ${sshKeyTarget}
              chmod 500 ${sshKeyTarget}

          # Runs as the service user. Intended flow: drop ~/<user> when it is
          # empty, then clone the repository into it.
          # NOTE(review): `[[ ... == ... ]]` is a bash construct but the script is
          # built with writeDash; `then`/`fi` are not visible in this listing;
          # and `rm` without `-r` (or `rmdir`) cannot remove a directory.
          # Failures are ignored ("-" prefix), so a broken clone only surfaces
          # when `cd` fails in the start script.
          cloneScript = pkgs.writers.writeDash "clone" # sh
              set -x
              if [[ `ls ~/${cfg.user} | wc -l` == 0 ]]
                rm ~/${cfg.user}
              ${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user}

        in [ "+${sshKeyScript}" "-${cloneScript}" ];

      # todo : add restart ruling

      # Start command, run as the service user: enter the checkout, `git pull`,
      # run additionalScript when one is set, then start the server. The `&&`
      # chain stops at the first failing step.
      # NOTE(review): the `${` that opens the optionalString splice is not
      # visible in this listing.
      # NOTE(review): whatever is pulled from the repository, and any build the
      # hook drives from it, runs as the service user on every start. Push
      # access to the repository is therefore code execution on this host.
      # NOTE(review): `lektor server` is Lektor's development server and also
      # serves the editing UI. Confirm `bind` is not a public address, or that
      # an authenticating reverse proxy sits in front.
      # NOTE(review): python36Packages pins Python 3.6, which is end-of-life —
      # confirm.
      script = # sh
          cd ~/${cfg.user} && \
          ${pkgs.git}/bin/git pull && \
            optionalString (cfg.additionalScript != null)
            "${cfg.additionalScript} &&"
          } \
          ${pkgs.python36Packages.lektor}/bin/lektor server \
            --host ${cfg.bind} \
            --port ${toString cfg.port}