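# NixOS module defining two one-shot systemd units for Numbus-Server:
#   - numbus-activation: creates /mnt/config and /mnt/data with the expected
#     ownership and runs the podman network setup.
#   - numbus-quirks: waits for Pi-hole, Home Assistant and Frigate to write
#     their first configuration, then patches it.
# Neither unit sets User=, so both scripts run as root.
{ config, pkgs, ... }:

{
  systemd.services.numbus-activation = {
    description = "Numbus-Server activation : Correct permissions";
    # NOTE(review): wantedBy makes traefik.service pull this unit in but does
    # not order the two. If traefik must not start before the directories
    # exist, an explicit before = [ "traefik.service" ]; is needed - confirm.
    wantedBy = [ "multi-user.target" "traefik.service" ];
    after = [ "network.target" "local-fs.target" ];
    path = [ pkgs.coreutils pkgs.podman pkgs.sudo ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    # NOTE(review): the run-once marker lives in a home directory that is
    # handed to numbus-admin, while this script runs as root and ends with a
    # recursive chown of that path. Keeping the marker in a root-owned state
    # directory (for example via StateDirectory=) would stop the unprivileged
    # account from influencing what root chowns or whether the unit re-runs.
    script = ''
      #!/usr/bin/env bash

      # Run-once guard: the marker is created at the end of a successful run.
      if [[ -e /home/numbus-admin/.numbus-server/activated.true ]]; then
        echo "Already activated"
        exit 0
      fi

      echo "Creating directories with correct permissions..."
      mkdir -p /mnt/config/ /mnt/data/ /mnt/data/nextcloud/
      mkdir -p /home/numbus-admin/.numbus-server/
      chown -R numbus-admin:users /mnt/config/
      chown -R numbus-admin:users /mnt/data/
      # Numeric owner: presumably the host-side UID that the Nextcloud
      # container user maps to under rootless podman - TODO confirm against
      # the subuid range of numbus-admin.
      chown -R 100032:users /mnt/data/nextcloud/

      echo "Creating podman networks..."
      # /run/wrappers/bin holds the setuid wrappers on NixOS.
      export PATH=$PATH:/run/wrappers/bin
      # The next line is a template placeholder; it is presumably replaced
      # with the real network commands before deployment. Review what gets
      # substituted here, since it executes as root.
      PODMAN_NETWORKS

      mkdir -p /home/numbus-admin/.numbus-server/
      touch /home/numbus-admin/.numbus-server/activated.true
      chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
      echo "Activated successfully !"
    '';
  };

  systemd.services.numbus-quirks = {
    description = "Numbus-Server services : Apply quirks";
    wantedBy = [ "multi-user.target" ];
    after = [
      "network.target"
      "local-fs.target"
      # Added: the activation unit defined above creates the directories and
      # ownership this script relies on.
      "numbus-activation.service"
      # NOTE(review): the next two units are not defined in this file; if they
      # no longer exist, these entries are silently ignored by systemd.
      "numbus-activation-chowned.service"
      "numbus-activation-networked.service"
      "pi-hole.service"
      "home-assistant.service"
      # NOTE(review): frigate.service is restarted below but not listed here.
    ];
    # gnugrep is needed for the idempotency checks before each append.
    path = [ pkgs.curl pkgs.coreutils pkgs.gnugrep pkgs.systemd pkgs.podman pkgs.sudo ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      # NOTE(review): the wait loops below have no upper bound. Consider a
      # TimeoutStartSec= so a container that never writes its config cannot
      # keep this unit in "activating" forever.
    };
    script = ''
      #!/usr/bin/env bash
      set -euo pipefail

      # Run-once guard. The marker is only written after every quirk has
      # succeeded, so a failed run is retried on the next start; the appends
      # below are therefore guarded to stay idempotent.
      if [[ -e /home/numbus-admin/.numbus-server/quirked.true ]]; then
        echo "Quirks already applied"
        exit 0
      fi

      # Not referenced again in this script, but with set -e a missing secret
      # still aborts the unit here.
      DOMAIN_NAME="$(cat /run/secrets/domain_name)"

      echo "Applying Pi-Hole quirks..."
      if [[ -e /etc/nixos/podman/pi-hole.nix ]]; then
        mkdir -p /mnt/config/pi-hole/
        chown -R numbus-admin:users /mnt/config/pi-hole/
        echo "Waiting for Pi-hole to be ready..."
        until [[ -e /mnt/config/pi-hole/pihole-FTL.db ]]; do
          sleep 15
        done
        sleep 60
        # Rebuild the blocklists (gravity) inside the container, then restart.
        sudo -u numbus-admin podman exec pi-hole pihole -g
        sleep 60
        systemctl restart pi-hole.service
        echo "Pi-Hole quirk applied and service ready !"
      fi

      echo "Applying Home Assistant quirks..."
      if [[ -e /etc/nixos/podman/home-assistant.nix ]]; then
        mkdir -p /mnt/config/home-assistant/
        chown -R numbus-admin:users /mnt/config/home-assistant/
        echo "Waiting for Home Assistant to be ready..."
        until [[ -e /mnt/config/home-assistant/configuration.yaml ]]; do
          sleep 15
        done
        sleep 180
        systemctl stop home-assistant.service
        # Append only when the key is absent: a second top-level "http:" block
        # (from a retried run or a manual edit) makes the YAML invalid.
        # SECURITY: trusted_proxies covers a whole /16, so every host or
        # container in that range can supply X-Forwarded-For and have Home
        # Assistant believe it (this feeds IP bans and login logs). Narrow it
        # to the reverse proxy network once that subnet is known.
        if ! grep -q '^http:' /mnt/config/home-assistant/configuration.yaml; then
      cat << 'EOF' >> /mnt/config/home-assistant/configuration.yaml

      http:
        use_x_forwarded_for: true
        trusted_proxies: 172.16.0.0/16
      EOF
        fi
        if ! grep -q '^zha:' /mnt/config/home-assistant/configuration.yaml; then
          printf '\nzha:\n' >> /mnt/config/home-assistant/configuration.yaml
        fi
        systemctl start home-assistant.service
        echo "Home Assistant quirk applied and service ready !"
      fi

      echo "Applying Frigate quirks..."
      if [[ -e /etc/nixos/podman/frigate.nix ]]; then
        mkdir -p /mnt/config/frigate/
        chown -R numbus-admin:users /mnt/config/frigate/
        echo "Waiting for Frigate to be ready..."
        until [[ -e /mnt/config/frigate/config.yaml ]]; do
          sleep 15
        done
        sleep 180
        systemctl stop frigate.service
        # SECURITY: this turns off the TLS listener of Frigate itself,
        # presumably because the reverse proxy terminates TLS. Traffic between
        # proxy and Frigate is then plaintext, so the Frigate port should stay
        # reachable only from the proxy network, not published on the host.
        if ! grep -q '^tls:' /mnt/config/frigate/config.yaml; then
      cat << 'EOF' >> /mnt/config/frigate/config.yaml

      tls:
        enabled: false
      EOF
        fi
        systemctl start frigate.service
        echo "Frigate quirk applied and service ready !"
      fi

      mkdir -p /home/numbus-admin/.numbus-server/
      touch /home/numbus-admin/.numbus-server/quirked.true
      chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
      echo "Quirks applied successfully !"
    '';
  };
}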