# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{
  config,
  lib,
  pkgs,
  meta,
  name,
  ...
}:

let
  inherit (lib)
    genAttrs
    mapAttrs'
    mkDefault
    mkEnableOption
    mkIf
    mkOption
    nameValuePair
    ;

  inherit (lib.types)
    path
    nullOr
    package
    port
    ;

  mkIfNotNull = v: mkIf (v != null);

  mkListen = local: port: "${if local then "127.0.0.1" else "[::]"}:${builtins.toString port}";

  mkOptionalListen = local: port: mkIfNotNull port (mkListen local port);

  mkPortOption =
    name:
    mkOption {
      type = nullOr port;
      default = null;
      description = ''
        Listening port for the ${name} garage service.
      '';
    };

  cfg = config.dgn-s3;
in

{
  options.dgn-s3 = {
    enable = mkEnableOption "a Garage node for the DGNum S3 server";

    data_dir = mkOption {
      type = path;
      description = ''
        The directory in which Garage will store the data blocks of objects.
        Can be put on slow hardware.
      '';
    };

    metadata_dir = mkOption {
      type = path;
      description = ''
        The directory in which Garage will store the metadata of objects.
        Should be put on fast hardware.
      '';
    };

    package = mkOption {
      type = package;
      default = pkgs.garage_1_0_1;
      description = ''
        Garage package to use, needs to be set explicitly.
        If you are upgrading from a major version, please read NixOS
        and Garage release notes for upgrade instructions.
      '';
    };

    ports =
      {
        rpc = mkOption {
          type = port;
          default = null;
          description = ''
            Listening port for the ${name} garage service.
          '';
        };
      }
      // (genAttrs [
        "admin_api"
        "k2v_api"
        "s3_api"
        "s3_web"
      ] mkPortOption);
  };

  config = mkIf cfg.enable {
    age-secrets = {
      autoMatch = [ "garage" ];
      sources = [ ./. ];
    };

    dgn-web.internalPorts = mapAttrs' (name: nameValuePair "garage-${name}") cfg.ports;

    networking.firewall.allowedTCPPorts = [ cfg.ports.rpc ];

    services.garage = {
      enable = true;

      inherit (cfg) package;

      settings = {
        inherit (cfg) data_dir metadata_dir;

        db_engine = "lmdb";

        consistency_mode = "dangerous";
        replication_factor = 2;

        compression_level = 7;

        rpc_bind_addr = mkOptionalListen false cfg.ports.rpc;
        rpc_public_addr = "${meta.network.${name}.netbirdIp}:${builtins.toString cfg.ports.rpc}";
        rpc_secret_file = config.age.secrets."garage-rpc_secret_file".path;

        s3_api = {
          s3_region = "garage";
          api_bind_addr = mkOptionalListen true cfg.ports.s3_api;
          root_domain = mkDefault ".s3.dgnum";
        };

        s3_web = {
          bind_addr = mkOptionalListen true cfg.ports.s3_web;
          index = "index.html";
          root_domain = mkDefault ".web.dgnum";
        };

        k2v_api = mkIfNotNull cfg.ports.k2v_api {
          api_bind_addr = mkListen false cfg.ports.k2v_api;
        };

        admin = {
          api_bind_addr = mkListen true cfg.ports.admin_api;
          admin_token_file = config.age.secrets."garage-admin_token_file".path;
          metrics_token_file = config.age.secrets."garage-metrics_token_file".path;
        };
      };
    };

    systemd.services.garage.serviceConfig = {
      User = "garage";
      ReadWriteDirectories = [
        cfg.data_dir
        cfg.metadata_dir
      ];
      TimeoutSec = 600;
    };

    users.users.garage = {
      isSystemUser = true;
      group = "garage";
    };
    users.groups.garage = { };
  };
}