{ config, lib, pkgs, ... }:

let cfg = config.sydnix.deertopia.copyparty.vault;
in {
  options.sydnix.deertopia.copyparty.vault = {
    enable = lib.mkEnableOption "personal storage under Copyparty";
  };

  config = lib.mkIf cfg.enable {
    sydnix.impermanence.directories = [ "/vault" ];

    # HACK: Ad-hoc permissions, as typical.
    users.groups.vault = {};
    users.users.copyparty.extraGroups = [ "vault" ];

    systemd.tmpfiles.settings."50-vault" =
      let e = {
	z.group = "vault";
	z.mode = "2775";
	v.group = "vault";
	v.mode = "2775";
      };
      in {
	"/vault" = e;
	"/vault/~msyds" = e;
      };

    services.copyparty.volumes = {
      "/~msyds" = {
	path = "/vault/~msyds";
	access.A = [ "msyds" ];
      };
      "/~msyds/zotero" = {
	path = "/vault/~msyds/zotero";
	flags.daw = true;
	access.A = [ "msyds" ];
	access.rwmd = [ "zotero" ];
      };
    };
  };
}