{ pkgs ? import <nixpkgs> { } }:

let

  terranix = pkgs.callPackage (pkgs.fetchgit {
    url = "https://github.com/mrVanDalo/terranix.git";
    rev = "6097722f3a94972a92d810f3a707351cd425a4be";
    sha256 = "1d8w82mvgflmscvq133pz9ynr79cgd5qjggng85byk8axj6fg6jw";
  }) { };

  # a custom provider for terraform
  graylog = pkgs.buildGoModule rec {
    name = "terraform-provider-graylog-${version}";
    version = "v3.3.0";

    subPackages = [ "./terraform" ];

    src = pkgs.fetchFromGitHub {
      owner = "suzuki-shunsuke";
      repo = "go-graylog";
      sha256 = "12b0d70qzwaqgzksiyc7ia86g7869b1a6mfymqzkp2h5h4kcwcfh";
      rev = "${version}";
    };

    modSha256 = "0zbly0wyqa4jw6h54b1y03j6v1c5fqgslfdyrzii9rpq3y6g0kkf";

    postInstall = "mv $out/bin/terraform{,-provider-graylog_${version}}";

    meta = with pkgs.stdenv.lib; {
      homepage = "https://github.com/suzuki-shunsuke/go-graylog";
      description = "Terraform provider is used to manage graylog.";
      platforms = platforms.linux;
      license = licenses.mpl20;
      maintainers = with maintainers; [ palo ];
    };
  };

  terraform = pkgs.terraform.withPlugins (p: [ graylog ]);

in pkgs.mkShell {

  buildInputs = [

    # terraform wrapper to set access variables
    # -----------------------------------------
    (pkgs.writeShellScriptBin "terraform" ''
      export TF_VAR_web_endpoint_uri="http://schasch.private:9000/api"
      export TF_VAR_auth_name=admin
      export TF_VAR_auth_password=yourpassword
      ${terraform}/bin/terraform "$@"
    '')

    # terranix to avoid HCL
    # ---------------------
    terranix

    # tooling
    # -------
    pkgs.terraform-landscape
    pkgs.terraform-docs

  ];

  shellHook = ''
    # save shell history in project folder
    HISTFILE=${toString ./.history}
    # configure password store to use subfolder
    export PASSWORD_STORE_DIR=./secrets
  '';

}