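# NixOS module that runs a Drone CI/CD server as a systemd service, backed by
# a PostgreSQL database reached over the /run/postgresql Unix socket.
{ pkgs, lib, config, ... }:

with lib;
with types;

let
  cfg = config.services.drone-server;
in
{
  options.services.drone-server = {
    # mkEnableOption already prepends "Whether to enable", so the argument is
    # only the noun phrase.
    enable = mkEnableOption "a Drone CI/CD web server";

    package = mkOption {
      type = package;
      default = pkgs.drone;
      defaultText = "pkgs.drone";
      description = "Package that provides the bin/drone-server executable.";
    };

    env = mkOption {
      type = listOf str;
      # Defaulting to an empty list lets the module evaluate when no extra
      # variables are needed.
      default = [ ];
      description = ''
        Environment strings (e.g. DRONE_USER_CREATE, etc.).
        These end up in the generated systemd unit, which is stored in the
        world-readable Nix store. Do not put secrets here; use envFile.
      '';
    };

    envFile = mkOption {
      # Kept as a plain string so the file is referenced by path at runtime
      # instead of being copied into the Nix store.
      type = str;
      description = ''
        Path to the environment file (may contain secrets).
        Keep the file outside the Nix store and restrict its permissions.
      '';
    };

    user = mkOption {
      type = str;
      default = "droneserver";
      description = "System user the service runs as; also used as the PostgreSQL role name.";
    };

    group = mkOption {
      type = str;
      default = "droneserver";
      description = "Group the service runs as.";
    };

    port = mkOption {
      type = port;
      default = 3030;
      description = "Port passed to the server through DRONE_SERVER_PORT.";
    };

    database.name = mkOption {
      type = str;
      default = "droneserver";
      description = "Name of the PostgreSQL database used by the server.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.drone-server = {
      wantedBy = [ "multi-user.target" ];
      # Start after the database so the first connection over the socket does
      # not race PostgreSQL start-up.
      after = [ "network.target" "postgresql.service" ];

      # NOTE(review): no systemd sandboxing options (NoNewPrivileges,
      # ProtectSystem, PrivateTmp, ...) are set for this network-facing
      # service; consider adding them after checking what the server needs.
      serviceConfig = {
        EnvironmentFile = [ cfg.envFile ];
        # cfg.env is appended last, so entries there are listed after the
        # module's own settings.
        Environment = [
          "DRONE_DATABASE_DATASOURCE=postgres:///${cfg.database.name}?host=/run/postgresql"
          "DRONE_DATABASE_DRIVER=postgres"
          "DRONE_SERVER_PORT=:${toString cfg.port}"
        ] ++ cfg.env;
        ExecStart = "${cfg.package}/bin/drone-server";
        User = cfg.user;
        Group = cfg.group;
      };
    };

    # NOTE(review): this module does not set services.postgresql.enable;
    # presumably the host configuration is expected to enable it. Confirm.
    services.postgresql = {
      ensureDatabases = [ cfg.database.name ];
      ensureUsers = [
        {
          # The role name matches the system user; the datasource above has no
          # credentials, so this presumably relies on peer authentication over
          # the socket. Confirm against the host's pg_hba configuration.
          name = cfg.user;
          # NOTE(review): newer NixOS releases replace ensurePermissions with
          # ensureDBOwnership, which requires the role and database names to
          # match; confirm against the targeted release.
          ensurePermissions."DATABASE ${cfg.database.name}" = "ALL PRIVILEGES";
        }
      ];
    };

    users.users.${cfg.user} = {
      isSystemUser = true;
      # NOTE(review): no home directory is set here; confirm which directory
      # createHome ends up creating and owning for this account.
      createHome = true;
      group = cfg.group;
    };

    users.groups.${cfg.group} = { };
  };
}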