{ pkgs, ... }@args:
pkgs.writeText "mod-dhcp_sql" ''
  sql dhcp_sql {
    dialect = "sqlite"
    driver = "rlm_sql_''${dialect}"

    sqlite {
      filename = "/tmp/freeradius.db"
      busy_timeout = 200
      bootstrap = "${import ./dhcp-sqlsquema.nix args}"
    }

    radius_db = "radius"

    read_groups = no

    pool {
      start = ''${thread[pool].start_servers}
      min = ''${thread[pool].min_spare_servers}
      max = ''${thread[pool].max_servers}
      spare = ''${thread[pool].max_spare_servers}
      uses = 0
      retry_delay = 30
      lifetime = 0
      idle_timeout = 60
    }

    group_attribute = "''${.:instance}-SQL-Group"

    # -*- text -*-
    #
    #  dhcp/sqlite/queries.conf -- SQLite configuration for DHCP schema (schema.sql)
    #
    #  $Id: 0cc720220d237d98934dd23173ccb4e09bd0cb01 $

    # Safe characters list for sql queries. Everything else is replaced
    # with their mime-encoded equivalents.
    # The default list should be ok
    # safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

    #######################################################################
    #  Query config:  Identifier
    #######################################################################
    # This is the identifier that will get substituted, escaped, and added
    # as attribute 'SQL-User-Name'.  '%{SQL-User-Name}' should be used
    # below everywhere an identifier substitution is needed so you you can
    # be sure the identifier passed from the client is escaped properly.
    #
    sql_user_name = "%{control:DHCP-SQL-Option-Identifier}"

    #######################################################################
    #  Attribute Lookup Queries
    #######################################################################
    #  These queries setup the reply items in ''${dhcpreply_table} and
    #  ''${group_reply_query}.  You can use any query/tables you want, but
    #  the return data for each row MUST be in the following order:
    #
    #  0. Row ID (currently unused)
    #  1. Identifier
    #  2. Item Attr Name
    #  3. Item Attr Value
    #  4. Item Attr Operation
    #######################################################################

    authorize_reply_query = "\
      SELECT id, identifier, attribute, value, op \
      FROM dhcpreply \
      WHERE identifier = '%{SQL-User-Name}' AND context = '%{control:DHCP-SQL-Option-Context}' \
      ORDER BY id"

    authorize_group_reply_query = "\
      SELECT id, groupname, attribute, value, op \
      FROM dhcpgroupreply \
      WHERE groupname = '%{''${group_attribute}}' AND context = '%{control:DHCP-SQL-Option-Context}' \
      ORDER BY id"

    group_membership_query = "\
      SELECT groupname \
      FROM dhcpgroup \
      WHERE identifier='%{SQL-User-Name}' AND context = '%{control:DHCP-SQL-Option-Context}' \
      ORDER BY priority"
  }
''