{ config, pkgs, lib, ... }:

with lib;

let
  # Container config
  name = "odoo";
  # Version tagging
  odooVersion = "10.11.6";
  databaseVersion = "15.17";
  # Storage optimization
  spindown = config.numbus-server.hardware.HddSpindown;
  optimizedDir = if spindown.enable && (spindown.optimize == "compatible" || (isList spindown.optimize && elem name spindown.optimize))
    then cfg.configDir
    else cfg.dataDir;
  # Helper
  helper = import ../service-helper.nix { inherit config pkgs lib; };
  cfg = config.numbus-server.services.odoo;
in

helper.mkPodmanService {
  inherit name;
  description = "Odoo : An open ERP (Enterprise resource planning) solution";
  defaultPort = "8069";
  configDirEnabled = optimizedDir == cfg.configDir;
  dataDirEnabled = optimizedDir == cfg.dataDir;
  middlewares = [
    "secureHeaders"
  ];
  dirPermissions = [
    "100999:100 ${optimizedDir}"
    "100999:100 ${optimizedDir}/odoo"
    "100999:100 ${cfg.configDir}/addons"
    "100999:100 ${cfg.configDir}/config"
    "100999:100 ${cfg.configDir}/database"
  ];

  composeText = ''
    services:
      odoo-database:
        image: docker.io/library/postgres:${databaseVersion}
        container_name: odoo-database
        hostname: odoo-database
        user: '1000:1000'
        shm_size: 128mb
        networks:
          odoo:
            ipv4_address: 10.89.190.253
        volumes:
          - ${cfg.configDir}/database:/var/lib/postgresql/data
        environment:
          - POSTGRES_DB=${config.sops.placeholder."odoo/db_name"}
          - POSTGRES_PASSWORD=${config.sops.placeholder."odoo/db_password"}
          - POSTGRES_USER=${config.sops.placeholder."odoo/db_username"}
          - PGDATA=/var/lib/postgresql/data
        cap_drop:
          - NET_RAW
        security_opt:
          - no-new-privileges:true
        restart: unless-stopped

      odoo-server:
        image: docker.io/library/odoo:${odooVersion}
        container_name: odoo-server
        hostname: odoo-server
        user: '1000:1000'
        networks:
          odoo:
            ipv4_address: 10.89.190.252
        ports:
          - "${cfg.port}:8069/tcp"
        volumes:
          - ${optimizedDir}/odoo:/var/lib/odoo
          - ${cfg.configDir}/config:/etc/odoo
          - ${cfg.configDir}/addons:/mnt/extra-addons
        environment:
          - HOST=odoo-database
          - USER=${config.sops.placeholder."odoo/db_username"}
          - PASSWORD=${config.sops.placeholder."odoo/db_password"}
        depends_on:
          - odoo-database
        cap_drop:
          - NET_RAW
        security_opt:
          - no-new-privileges:true
        restart: unless-stopped

    networks:
      odoo:
        driver: bridge
        name: odoo
        ipam:
          config:
            - subnet: "10.89.190.0/24"
              gateway: "10.89.190.254"
  '';

  extraConfig = {
    sops.secrets."odoo/db_name" = {
      sopsFile = /etc/nixos/secrets/podman/odoo.yaml;
      gid = "100";
      uid = "1000";
      mode = "0400";
    };
    sops.secrets."odoo/db_username" = {
      sopsFile = /etc/nixos/secrets/podman/odoo.yaml;
      gid = "100";
      uid = "1000";
      mode = "0400";
    };
    sops.secrets."odoo/db_password" = {
      sopsFile = /etc/nixos/secrets/podman/odoo.yaml;
      gid = "100";
      uid = "1000";
      mode = "0400";
    };
  };
}