{ config, lib, pkgs, timeZone, ... }:
let
  srvConfig = config.serverConfig;
in
{
  options.serverConfig= {
    userName = lib.mkOption {
      type = lib.types.str;
      description = "Main username for system";
    };
    hostName = lib.mkOption {
      type = lib.types.str;
      description = "Hostname for system";
    };
    hostId = lib.mkOption {
      type = lib.types.str;
      description = "Host ID";
    };
    email = lib.mkOption {
      type = lib.types.str;
      description = "Email for server box";
    };
    sshEnable = lib.mkOption {
      default = false;
      description = "Whether to enable ssh server";
    };
    nfsEnable = lib.mkOption {
      default = false;
    };
    nfsRoot = lib.mkOption {
      default = "/nfs_export";
      type = lib.types.str;
    };
    nfsExports = lib.mkOption {
      default = [];
      description = "List of file paths provided as strings to the nfs exports";
    };
    nfsIpExport = lib.mkOption {
      type = lib.types.str;
      description = "Where to export the shares to i.e. 192.168.0.0/24 (export to local network)";
    };
    syncthingEnable = lib.mkOption {
      default = false;
      description = "Whether to enable syncThing host on this machine";
    };
    caldavEnable = lib.mkOption {
      default = false;
      description = "Enable the caldav server service (radicale)";
    };
  };

  imports = [
    ./modules/user/main_user.nix
  ];
  
  config = {
    # Enable flakes feature
    nix.settings.experimental-features = [
      "nix-command" "flakes"
    ];

    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    networking = {
      hostId = srvConfig.hostId;
      hostName = srvConfig.hostName; # Define your hostname.
      # Pick only one of the below networking options.
      # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
      networkmanager.enable = true;  # Easiest to use and most distros use this by default.
    };

    time.timeZone = timeZone;
 
    main_user = {
      enable = true;
      userName = srvConfig.userName;
      isDesktopUser = false;
    };

    environment.systemPackages = with pkgs; [
      docker
      docker-compose
      zsh
    ];

    programs.zsh.enable = true;

    services.openssh = lib.mkIf srvConfig.sshEnable {
      enable = true;
    };

    # nfs options breakdown: link for export options https://linux.die.net/man/5/exports
    # rw - default read write
    # sync - wait until requests are saved to disk to respond to clients, safer but slower
    # no_subtree_check - 
    services.nfs.server = lib.mkIf srvConfig.nfsEnable {
      enable = true;
      exports = ''
       ${srvConfig.nfsRoot} ${srvConfig.nfsIpExport}(rw,fsid=root,no_subtree_check)
       ${lib.concatMapStringsSep "\n" (n: "${srvConfig.nfsRoot}${n} ${srvConfig.nfsIpExport}(rw,sync,no_subtree_check,all_squash,anongid=105,anonuid=1005)") srvConfig.nfsExports}
     '';
    };
    # nfs port TODO make dependant on option enabled
    # 2049 - nfs
    # 8384 - syncthing
    # 5352 - caldav server radicale
    networking.firewall.allowedTCPPorts = [ 80 2049 5232 8384 ];

    users.groups.kage = {
      gid = 105;
    };
    users.users.kage = {
      uid = 1005;
      isSystemUser = true;
      initialPassword = "password";
      description = "user to manage nfs and syncthing tasks";
      group = "kage";
      extraGroups = [
        "users"
      ];
    };

    services.syncthing = lib.mkIf srvConfig.syncthingEnable {
      enable = true;
      user = "kage";
      group = "users";
      dataDir = "${srvConfig.nfsRoot}/kage/syncthing";
      configDir = "${srvConfig.nfsRoot}/kage/.config/syncthing";
      # overrideDevices = true;     # overrides any devices added or deleted through the WebUI
      # overrideFolders = true;     # overrides any folders added or deleted through the WebUI
      openDefaultPorts = true;
      relay.enable = true;
      guiAddress = "0.0.0.0:8384";
      # settings = {
      #   devices = {
      #     # "supernote" = { id = "DEVICE-ID-GOES-HERE"; };
      #     # "pixel" = { id = "DEVICE-ID-GOES-HERE2"; };
      #     # "winmax" = { id = "id3"; };
      #     # "nix-box" = { id = "id4"; };
      #   };
      #   folders = {
      #     "supernote" = {         # Name of folder in Syncthing, also the folder ID
      #       path = "${srvConfig.nfsRoot}/kage/syncthing/supernote";    # Which folder to add to Syncthing
      #       # devices = [ "supernote" "pixel" ];      # Which devices to share the folder with
      #     };
      #     "web" = {         # Name of folder in Syncthing, also the folder ID
      #       path = "${srvConfig.nfsRoot}/kage/syncthing/web";    # Which folder to add to Syncthing
      #       # devices = [ "supernote" "pixel" "winmax" "nix-box" ];      # Which devices to share the folder with
      #     };
      #   };
      # };
    };

    services.radicale = lib.mkIf srvConfig.caldavEnable {
      enable = true;
      settings = {
        # Run server port 5232
        server = {
          hosts = [ "0.0.0.0:5232" "[::]:5232" ];
        };
        auth = {
          type = "htpasswd";
          htpasswd_filename = "/home/luci/.config/radicale/rad_pass";
          htpasswd_encryption = "bcrypt";
        };
      };
    };

    systemd.timers."pixel-backups" = {
      wantedBy = [ "timers.target" ];
        timerConfig = {
          OnCalendar = "daily";
        };
    };

    systemd.services."pixel-backups" = {
      script = ''
        # Move files older than 90 days to the backups file
        find /nfs_export/kage/syncthing/pixel_images/ -type f -mtime +90 | xargs -I {} mv {} /nfs_export/kage/Personal/Nate/Phone_Images
      '';
      serviceConfig = {
        Type = "oneshot";
        User = "root";
      };
    };
    
    # networking.firewall.allowedTCPPorts = [ ... ];
    # networking.firewall.allowedUDPPorts = [ ... ];

    system.stateVersion = "23.11"; # Did you read the comment?
  };
}