{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.services.alertbot;
  alertbot = pkgs.callPackage ../pkgs/alertbot { };
  configFile = (pkgs.formats.toml { }).generate "config.yaml" {
    listen_port = cfg.listenPort;
    matrix = {
      homeserver = cfg.matrix.homeserver;
      user = cfg.matrix.user;
      password_cred = "matrix-password";
      room_id = cfg.matrix.roomId;
    };
  };
in {
  options.services.alertbot = {
    enable = lib.mkEnableOption "alertbot";

    listenPort = lib.mkOption {
      type = lib.types.port;
      description = "Listen port.";
    };

    user = lib.mkOption {
      type = lib.types.str;
      default = "alertbot";
      description = "User under which alertbot should run.";
    };

    group = lib.mkOption {
      type = lib.types.str;
      default = "alertbot";
      description = "User under which alertbot should run.";
    };

    matrix = {
      homeserver = lib.mkOption {
        type = lib.types.str;
        description = "Homeserver URL.";
      };

      user = lib.mkOption {
        type = lib.types.str;
        description = "User ID.";
      };

      passwordFile = lib.mkOption {
        type = lib.types.path;
        description = "Password file path.";
      };

      roomId = lib.mkOption {
        type = lib.types.str;
        description = "Room ID.";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    users.users.${cfg.user} = {
      isSystemUser = true;
      group = cfg.group;
    };

    users.groups.${cfg.group} = { };

    systemd.services.alertbot = {
      description = "Alertbot service";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        LoadCredential = [ "matrix-password:${cfg.matrix.passwordFile}" ];
        User = cfg.user;
        Group = cfg.group;
        ExecStart = ''
          ${lib.getExe' alertbot "alertbot"} -c ${configFile}
        '';
      };
    };
  };
}