{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;
  host-secrets = config.fudo.secrets.host-secrets.${hostname};

  cfg = config.informis.services.chute;

  make-env-file = { hostname, secret, passphrase, key, jabber-password ? null }:
    pkgs.writeText "chute-environment" ''
      COINBASE_API_HOSTNAME=${hostname}
      COINBASE_API_SECRET=${secret}
      COINBASE_API_PASSPHRASE=${passphrase}
      COINBASE_API_KEY=${key}
      ${optionalString (jabber-password != null)
        "JABBER_PASSWORD=${jabber-password}"}
    '';

  read-and-trim = filename:
    removeSuffix "\n" (readFile filename);

in {
  options.informis.services.chute = with types; {
    enable = mkEnableOption "Enable the Chute cryptocurrency stopgap.";

    jabber-user = mkOption {
      type = nullOr str;
      description = "User to which messages will be sent.";
      default = null;
    };

    staging = {
      secret-file = mkOption {
        type = path;
        description = "Path to file containing Coinbase API secret.";
      };

      key-file = mkOption {
        type = path;
        description = "Path to file containing Coinbase API key.";
      };

      passphrase-file = mkOption {
        type = path;
        description = "Path to file containing Coinbase API passphrase.";
      };
    };
  };

  config = let
    chute-jabber-passwd =
      pkgs.lib.passwd.stablerandom-passwd-file
        "chute-jabber-passwd"
        "chute-jabber-passwd-${config.instance.build-seed}";
  in {
    fudo = {
      users.chute = {
        uid = 11007;
        primary-group = "informis";
        common-name = "Chute Cryptocurrency Trader";
        ldap-hashed-passwd =
          pkgs.lib.passwd.hash-ldap-passwd "chute-jabber-passwd-ldaphash"
            chute-jabber-passwd;
      };

      secrets.host-secrets.${hostname}.chute-staging-environment =
        mkIf cfg.enable {
          source-file = make-env-file {
            hostname = "api-public.sandbox.exchange.coinbase.com";
            secret = read-and-trim cfg.staging.secret-file;
            passphrase = read-and-trim cfg.staging.passphrase-file;
            key = read-and-trim cfg.staging.key-file;
            jabber-password = read-and-trim chute-jabber-passwd;
          };
          target-file = "/run/chute/staging.env";
          user = "root";
        };
    };

    informis.chute = {
      enable = cfg.enable;
      stages = {
        staging = mkIf cfg.enable {
          package = pkgs.chuteUnstable;
          environment-file =
            host-secrets.chute-staging-environment.target-file;
          jabber = {
            jid = "chute@jabber.fudo.org";
            target-jid = cfg.jabber-user;
            resource = "procul-staging";
          };
          currencies = {
            btc.stop-percentile = 98;
          };
        };
      };
    };
  };
}