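# Snooper & Tattler notification module.
#
# On the host named by `snooper-host`, this enables the MQTT service with a
# private and a public listener and runs the snooper service, which reads
# motion events from the private listener and publishes notifications on the
# public one. On hosts with `enable-notifications` set, it runs the tattler
# service against the public listener.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.fudo.services.tattler;

  hostname = config.instance.hostname;

  # True only on the host selected to run the snooper service and the broker.
  isSnooper = hostname == cfg.snooper-host;

  # Password file for the "snooper" MQTT user, built from the fixed name
  # "snooper-mqtt" and the instance build seed.
  # NOTE(review): presumably deterministic for a given seed, in which case
  # the build seed must be protected like the password itself. Also confirm
  # where the helper writes the file, so the secret does not end up
  # world-readable.
  snooper-mqtt-passwd =
    pkgs.lib.passwd.stablerandom-passwd-file "snooper-mqtt"
    config.instance.build-seed;

in {
  options.fudo.services.tattler = with types; {
    enable = mkEnableOption "Enable Snooper & Tattler notification system.";

    verbose = mkEnableOption "Enable verbose output and logging.";

    enable-notifications =
      mkEnableOption "Enable tattler notifications on the local host.";

    event-topics = mkOption {
      type = listOf str;
      description = "List of MQTT topics on which to listen for motion events.";
    };

    notification-topic = mkOption {
      type = str;
      description = "MQTT topic on which to publish notifications.";
      default = "fudo/notifications/objects";
    };

    snooper-host = mkOption {
      type = str;
      description = "Host on which to run the snooper service.";
    };
  };

  config = mkIf cfg.enable {
    fudo = {
      # Deliver the snooper MQTT password to the snooper host only.
      secrets.host-secrets."${hostname}" = {
        snooper-passwd = mkIf isSnooper {
          source-file = snooper-mqtt-passwd;
          target-file = "/run/snooper/mqtt.passwd";
        };
      };

      services.mqtt = mkIf isSnooper {
        enable = true;

        # Private listener: the snooper user may only read the configured
        # event topics.
        private = {
          enable = true;
          users.snooper = {
            password-file = snooper-mqtt-passwd;
            acl = map (topic: "read ${topic}") cfg.event-topics;
          };
        };

        # Public listener: the snooper user may publish notifications.
        # The same password file is used as on the private listener, so a
        # leak of this credential exposes both listeners.
        public = {
          enable = true;
          # NOTE(review): this listener-level ACL presumably applies to
          # clients without a user entry. If so, anyone who can reach the
          # public listener can read the notification topic; confirm that
          # this is intended and that the listener is not reachable from
          # untrusted networks.
          acl = [ "read ${cfg.notification-topic}" ];
          users.snooper = {
            password-file = snooper-mqtt-passwd;
            acl = [ "readwrite ${cfg.notification-topic}" ];
          };
        };
      };
    };

    services = {
      snooper = mkIf isSnooper {
        enable = true;
        # Follow the module's `verbose` option; this was previously
        # hard-coded to true, which left the option without effect.
        verbose = cfg.verbose;
        event-topics = cfg.event-topics;
        notification-topic = cfg.notification-topic;
        mqtt = let
          # Read directly; the earlier `trace hostname` wrapper was a
          # debugging aid that printed the hostname on every evaluation.
          host-secrets = config.fudo.secrets.host-secrets."${hostname}";
        in {
          incoming = {
            port = config.fudo.services.mqtt.private.port;
            host = config.fudo.services.mqtt.mqtt-hostname;
            username = "snooper";
            password-file = host-secrets.snooper-passwd.target-file;
          };
          outgoing = {
            port = config.fudo.services.mqtt.public.port;
            host = config.fudo.services.mqtt.mqtt-hostname;
            username = "snooper";
            password-file = host-secrets.snooper-passwd.target-file;
          };
        };
      };

      # Tattler connects to the public listener with no username or password
      # configured here.
      tattler = mkIf cfg.enable-notifications {
        enable = true;
        # Follow the module's `verbose` option instead of forcing it on.
        verbose = cfg.verbose;
        notification-topic = cfg.notification-topic;
        mqtt = {
          inherit (config.fudo.services.mqtt.public) port;
          host = config.fudo.services.mqtt.mqtt-hostname;
        };
      };
    };
  };
}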