{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.numbus-server.services.clamav;
  clamav_notifier = pkgs.writeScript "clamav-notify.sh" ''
    #!${pkgs.bash}/bin/bash

    # Check if triggered by Real-time event (file exists)
    if [ -f /var/lib/clamav/virus_event.env ]; then
      source /var/lib/clamav/virus_event.env
      rm /var/lib/clamav/virus_event.env
    fi

    ADMIN_EMAIL="${config.numbus-server.mail.adminAddress}"
    USER_EMAIL="${config.numbus-server.mail.userAddress}"
    OWNER_NAME="${config.numbus-server.owner}"

    if [ -n "$CLAM_VIRUSEVENT_VIRUSNAME" ]; then
      # --- Real-time / VirusEvent Mode ---
      SUBJECT="Numbus Server Alert: Virus Detected (Real-time)"
      
      # Retrieve logs from clamav-daemon
      LOGS=$(journalctl -u clamav-daemon.service -n 50 --no-pager | grep "FOUND")

      TECH_BODY="
      ClamAV Real-time Alert:
      Server owner: $OWNER_NAME
      
      Virus detected: $CLAM_VIRUSEVENT_VIRUSNAME
      File: $CLAM_VIRUSEVENT_FILENAME
      
      Logs:
      $LOGS
      
      Action taken: Access blocked (OnAccessPrevention).
      Please investigate manually.
      "
      
      FRIENDLY_BODY="Cher/Chère $OWNER_NAME,

      L'antivirus de votre serveur a détecté et bloqué une menace en temps réel.
      Fichier : $CLAM_VIRUSEVENT_FILENAME
      
      Votre administrateur a été notifié.
      "
    else
      # --- Scheduled Scan Summary Mode ---
      SUBJECT="Numbus Server Alert: Virus Detected during Scheduled Scan"
      
      # Retrieve logs (clamdscan prints FOUND when a virus is detected)
      LOGS=$(journalctl -u clamav-periodic-scan.service -n 100 --no-pager | grep "FOUND")
      
      TECH_BODY="
      ClamAV Scan Alert:
      Server owner: $OWNER_NAME

      Viruses detected:
      $LOGS

      Action taken: Detection only.
      Please investigate manually.
      "
      
      FRIENDLY_BODY="Cher/Chère $OWNER_NAME,

      L'antivirus de votre serveur a détecté une menace potentielle lors de l'analyse périodique.
      Votre administrateur a été notifié avec les détails techniques.
      Nous vous conseillons d'être prudent avec vos fichiers récents.
      "
    fi

    printf "Subject: [ADMIN] %s\n\n%s" "$SUBJECT" "$TECH_BODY" | /run/wrappers/bin/sendmail -t "$ADMIN_EMAIL"
    printf "Subject: [Alerte] Menace détectée sur votre serveur Numbus\n\n%s\n\nMerci de votre confiance,\nL'équipe de support,\nNumbus-Server." "$FRIENDLY_BODY" | /run/wrappers/bin/sendmail -t "$USER_EMAIL"
  '';
in

{ 
  config = mkIf cfg.enable {
    systemd.services.clamav-virus-notify = {
      description = "Email notification for ClamAV virus detection";
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${clamav_notifier}";
      };
    };
  };
}