with import <stockholm/lib>;
{ config, pkgs, ... }: let

  cfg = config.krebs.syncthing;

in {

  options.krebs.syncthing = {

    enable = mkEnableOption "krebs.syncthing";

    systemService = mkOption {
      type = types.bool;
      default = true;
      description = "Auto launch Syncthing as a system service.";
    };

    user = mkOption {
      type = types.user;
      default = {
        name = "syncthing";
        home = "/var/lib/syncthing";
      };
    };

    group = mkOption {
      type = types.group;
      default = {
        name = "syncthing";
      };
    };

    all_proxy = mkOption {
      type = types.nullOr types.string;
      default = null;
      example = "socks5://address.com:1234";
      description = ''
        Overwrites all_proxy environment variable for the syncthing process to
        the given value. This is normaly used to let relay client connect
        through SOCKS5 proxy server.
      '';
    };

    dataDir = mkOption {
      type = types.path;
      default = cfg.user.home;
    };

    openDefaultPorts = mkOption {
      type = types.bool;
      default = false;
      example = literalExample "true";
      description = ''
        Open the default ports in the firewall:
          - TCP 22000 for transfers
          - UDP 21027 for discovery
        If multiple users are running syncthing on this machine, you will need to manually open a set of ports for each instance and leave this disabled.
        Alternatively, if are running only a single instance on this machine using the default ports, enable this.
      '';
    };

    package = mkOption {
      type = types.package;
      default = pkgs.syncthing;
      defaultText = "pkgs.syncthing";
      example = literalExample "pkgs.syncthing";
      description = ''
        Syncthing package to use.
      '';
    };
  };

  config = mkIf cfg.enable {

    networking.firewall = mkIf cfg.openDefaultPorts {
      allowedTCPPorts = [ 22000 ];
      allowedUDPPorts = [ 21027 ];
    };

    systemd.packages = [ pkgs.syncthing ];

    users = mkIf (cfg.user == defaultUser) {
      extraUsers."${defaultUser}" =
        { group = cfg.group;
          home  = cfg.dataDir;
          createHome = true;
          uid = config.ids.uids.syncthing;
          description = "Syncthing daemon user";
        };

      extraGroups."${defaultUser}".gid =
        config.ids.gids.syncthing;
    };

    systemd.services = {
      syncthing = mkIf cfg.systemService {
        description = "Syncthing service";
        after = [ "network.target" ];
        environment = {
          STNORESTART = "yes";
          STNOUPGRADE = "yes";
          inherit (cfg) all_proxy;
        } // config.networking.proxy.envVars;
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          Restart = "on-failure";
          SuccessExitStatus = "2 3 4";
          RestartForceExitStatus="3 4";
          User = cfg.user;
          Group = cfg.group;
          PermissionsStartOnly = true;
          ExecStart = "${cfg.package}/bin/syncthing -no-browser -home=${cfg.dataDir}";
        };
      };

      syncthing-resume = {
        wantedBy = [ "suspend.target" ];
      };
    };
  };
}






#    services.syncthing = {
#      enable = true;
#      dataDir =
## drwxr-xr-x 1 syncthing nogroup   78 Sep 11 20:12 index-v0.14.0.db
## drwxr-xr-x 1 syncthing nogroup   18 Sep 11 20:12 Sync
## -rw-r--r-- 1 syncthing nogroup  619 Sep 11 20:12 cert.pem
## -rw------- 1 syncthing nogroup 3.5K Sep 11 20:13 config.xml
## -rw------- 1 syncthing nogroup   33 Sep 11 20:13 csrftokens.txt
## -rw-r--r-- 1 syncthing nogroup 1.1K Sep 11 20:12 https-cert.pem
## -rw------- 1 syncthing nogroup 1.7K Sep 11 20:12 https-key.pem
## -rw------- 1 syncthing nogroup  288 Sep 11 20:12 key.pem
#
#      #dataDir = "/var/lib/syncthing";
#      #group = "nogroup";
#      systemService = true;
#      #user = "syncthing";
#    };

/*
<configuration version="27">
    <folder id="default" label="Default Folder" path="/var/lib/syncthing/Sync" type="readwrite" rescanIntervalS="60" fsWatcherEnabled="false" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
        <filesystemType>basic</filesystemType>
        <device id="EP6B26A-FOFUIJY-ALGPLNB-HGAXJH4-JSGDZTY-EK6LVWT-357ZJN7-SQE27QQ" introducedBy=""></device>
        <minDiskFree unit="%">1</minDiskFree>
        <versioning></versioning>
        <copiers>0</copiers>
        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
        <hashers>0</hashers>
        <order>random</order>
        <ignoreDelete>false</ignoreDelete>
        <scanProgressIntervalS>0</scanProgressIntervalS>
        <pullerPauseS>0</pullerPauseS>
        <maxConflicts>-1</maxConflicts>
        <disableSparseFiles>false</disableSparseFiles>
        <disableTempIndexes>false</disableTempIndexes>
        <paused>false</paused>
        <weakHashThresholdPct>25</weakHashThresholdPct>
        <markerName>.stfolder</markerName>
    </folder>
    <device id="EP6B26A-FOFUIJY-ALGPLNB-HGAXJH4-JSGDZTY-EK6LVWT-357ZJN7-SQE27QQ" name="xu" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
        <address>dynamic</address>
        <paused>false</paused>
        <autoAcceptFolders>false</autoAcceptFolders>
    </device>
    <gui enabled="true" tls="false" debugging="false">
        <address>127.0.0.1:8384</address>
        <apikey>wPjcG4LurZgdxYVfrS7Ra5oa4w577mCs</apikey>
        <theme>default</theme>
    </gui>
    <options>
        <listenAddress>default</listenAddress>
        <globalAnnounceServer>default</globalAnnounceServer>
        <globalAnnounceEnabled>true</globalAnnounceEnabled>
        <localAnnounceEnabled>true</localAnnounceEnabled>
        <localAnnouncePort>21027</localAnnouncePort>
        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
        <maxSendKbps>0</maxSendKbps>
        <maxRecvKbps>0</maxRecvKbps>
        <reconnectionIntervalS>60</reconnectionIntervalS>
        <relaysEnabled>true</relaysEnabled>
        <relayReconnectIntervalM>10</relayReconnectIntervalM>
        <startBrowser>true</startBrowser>
        <natEnabled>true</natEnabled>
        <natLeaseMinutes>60</natLeaseMinutes>
        <natRenewalMinutes>30</natRenewalMinutes>
        <natTimeoutSeconds>10</natTimeoutSeconds>
        <urAccepted>-1</urAccepted>
        <urSeen>3</urSeen>
        <urUniqueID>ryNit35r</urUniqueID>
        <urURL>https://data.syncthing.net/newdata</urURL>
        <urPostInsecurely>false</urPostInsecurely>
        <urInitialDelayS>1800</urInitialDelayS>
        <restartOnWakeup>true</restartOnWakeup>
        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
        <upgradeToPreReleases>false</upgradeToPreReleases>
        <keepTemporariesH>24</keepTemporariesH>
        <cacheIgnoredFiles>false</cacheIgnoredFiles>
        <progressUpdateIntervalS>5</progressUpdateIntervalS>
        <limitBandwidthInLan>false</limitBandwidthInLan>
        <minHomeDiskFree unit="%">1</minHomeDiskFree>
        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
        <tempIndexMinBlocks>10</tempIndexMinBlocks>
        <trafficClass>0</trafficClass>
        <weakHashSelectionMethod>auto</weakHashSelectionMethod>
        <defaultFolderPath>~</defaultFolderPath>
        <setLowPriority>true</setLowPriority>
        <minHomeDiskFreePct>0</minHomeDiskFreePct>
    </options>
</configuration>
*/