{ config, lib, pkgs, ... }:

with lib;

let

  catLines = builtins.concatStringsSep "\n";

  userOpts = { config, ... }: {
    options = {
      passwd = mkOption {
        type = types.str;
        description = ''
          The password of a given user.
        '';
      };

      databases = mkOption {
        type = types.attrsOf types.lines;
        default = {};
        description = ''
          A list of databases to which this user should have access.
        '';
      };
    };
  };

  grantDatabaseAccess = username: database: ''
    GRANT CONNECT ON DATABASE ${database} TO USER ${username};
    GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA ${database} TO USER ${username};
  '';

  createUserSql = username: userOpts: ''
    CREATE ROLE ${username} ENCRYPTED PASSWORD ${userOpts.passwd};
    ${catLines (map (grantDatabaseAccess username) userOpts.databases)}
  '';

  createDatabaseSql = database: dbOpts: ''
    CREATE DATABASE ${database};
    USE ${database};
  '';

  dataPath = /srv + ("/" + config.networking.hostName);

in {

  options = {
    fudo.postgresql = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable the PostgreSQL server for Fudo services.
        '';
      };

      databases = mkOption {
        type = types.attrsOf types.lines;
        default = {};
        description = ''
          A map of database_name => database_defn.
        '';
      };

      users = mkOption {
        type = with types; attrsOf (submodule userOpts);
        default = {};
        description = ''
          A map of user_name => { user_attributes }.
        '';
      };
    };
  };
}