{ config, lib, pkgs, ... }:

# TODO: This is a Deertopia module.  Move to nixos/deertopia/syncthing.nix.

let cfg = config.sydnix.syncthing;
in {
  options = {
    sydnix.syncthing = {
      enable = lib.mkEnableOption "Syncthing";
      devices = lib.mkOption {
        type = lib.types.anything;
        default = {};
      };
      folders = lib.mkOption {
        type = lib.types.anything;
        default = {};
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # HACK: I don't understand the idioms of Unix file permissions.
    # TODO: Consult molly for this shit TwT.
    users.users.${config.services.syncthing.user}.extraGroups = [
      "jellyfin"
      "nginx"
    ];

    sydnix.deertopia.nginx.vhosts."syncthing".vhost = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        # TODO: This should work if guiAddress already specifies a protocol.
        proxyPass = "http://" + config.services.syncthing.guiAddress;
      };
    };

    services.syncthing = {
      enable = true;
      openDefaultPorts = true;
      settings = {
        gui = {
          # TODO: Figure out how to read credentials from a file.
          # tls = true;
          user = "lain";
          password = "my-awesome-password";
        };
        overrideDevices = true;
        overrideFolders = true;
        devices = cfg.devices;
        folders = cfg.folders;
      };
    };
  };
}