{ config, lib, pkgs, ... }:

let cfg = config.sydnix.deertopia.syncthing;
in {
  options.sydnix.deertopia.syncthing.enable =
    lib.mkEnableOption "Syncthing, à la Deertopia";
  config = lib.mkIf cfg.enable {
    sydnix.syncthing = {
      enable = true;
      includeDevices = [
        "guix-rebound"
        "nixos-testbed"
      ];
      directories = {
        "Music" = {
          path = "/persist/vault/jellyfin/Music";
          devices = [ "guix-rebound" ];
          ignorePerms = true;
        };
        "org" = {
          path = "/persist/deertopia.net/dav/org";
          devices = [
            "guix-rebound"
            "nixos-testbed"
          ];
          ignorePerms = true;
        };
      };
    };

    # HACK: I don't understand the idioms of Unix file permissions.
    # TODO: Consult molly for this shit TwT.
    users.users.${config.services.syncthing.user}.extraGroups = [
      "jellyfin"
      "nginx"
    ];

    sydnix.deertopia.nginx.vhosts."syncthing".vhost = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        # TODO: This should work if guiAddress already specifies a protocol.
        proxyPass = "http://" + config.services.syncthing.guiAddress;
      };
    };
  };
}