{ pkgs, ... }:

let
  version = "v0.1.0";
  spaceapidSrc = pkgs.fetchgit {
    url = "https://git.hamburg.ccc.de/CCCHH/spaceapid.git";
    rev = version;
    hash = "sha256-2SDhliltzyydPPZdNn/htDydiK/SHQcYyG/dQ0EyFrY=";
  };
  spaceapid = pkgs.buildGoModule rec {
    pname = "spaceapid";
    inherit version;

    src = spaceapidSrc;

    ldflags = [
      "-X main.version=${version}"
    ];

    # Since spaceapid doesn't have any dependencies, we can set this to null and
    # use the nonexistend vendored dependencies.
    vendorHash = null;
  };
  spaceapidConfigResponse = pkgs.writeText "spaceapid-config-ccchh-response.json" (builtins.readFile spaceapid-config/ccchh-response.json);
  spaceapidConfigDynamic = pkgs.writeText "spaceapid-config-ccchh-dynamic.json" (builtins.readFile spaceapid-config/ccchh-dynamic.json);
in
{
  users.users.spaceapi = {
    isSystemUser = true;
    group = "spaceapi";
  };
  users.groups.spaceapi = { };

  systemd.services.spaceapid = {
    enable = true;
    description = "Daemon hosting the SpaceAPI";
    unitConfig = {
      Wants = [ "network-online.target" ];
      After = [ "network.target" "network-online.target" ];
    };
    serviceConfig = {
      ExecStart = "${spaceapid}/bin/spaceapid -c ${spaceapidConfigResponse},${spaceapidConfigDynamic},/run/secrets/spaceapid_config_ccchh_credentials";
      User = "spaceapi";
      Group = "spaceapi";
      Restart = "on-failure";
      StateDirectory = "spaceapid";
    };
    wantedBy = [ "multi-user.target" ];
  };

  sops.secrets."spaceapid_config_ccchh_credentials" = {
    mode = "0440";
    owner = "spaceapi";
    group = "spaceapi";
    restartUnits = [ "spaceapid.service" ];
  };
}