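# NixOS module: one-shot activation units for Numbus-Server.
#
# Three oneshot services are declared:
#   numbus-activation-chowned   - creates the data/config trees and sets their ownership
#   numbus-activation-networked - runs the podman network setup as numbus-admin
#   numbus-quirks               - post-start fix-ups for Pi-hole, Home Assistant and Frigate
#
# Each script records completion in a marker file under
# /home/numbus-admin/.numbus-server/.
# NOTE(review): that directory is chowned to numbus-admin below, so the
# unprivileged account can create or delete the markers that decide whether the
# root-run scripts execute again. A root-owned state directory would remove
# that influence; confirm nothing else relies on the current paths before
# moving them.
#
# NOTE(review): NixOS presumably wraps `script` in its own generated shell
# script, so the `#!/usr/bin/env bash` lines act as plain comments - confirm.
{ config, pkgs, ... }:

{
  # Runs with the unit default user (no User= is set): create the storage
  # trees and hand them to numbus-admin.
  systemd.services.numbus-activation-chowned = {
    description = "Numbus-Server activation : Correct permissions";
    wantedBy = [ "multi-user.target" "traefik.service" ];
    after = [ "network.target" "local-fs.target" ];
    path = [ pkgs.coreutils ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      #!/usr/bin/env bash
      # Already done on an earlier boot: nothing to do.
      if [[ -e /home/numbus-admin/.numbus-server/chowned.true ]]; then
        exit 0
      fi

      mkdir -p /mnt/config/ /mnt/data/ /mnt/data/nextcloud/
      mkdir -p /home/numbus-admin/.numbus-server/

      chown -R numbus-admin:users /mnt/config/
      chown -R numbus-admin:users /mnt/data/
      # NOTE(review): 100032 is a hard-coded numeric owner, presumably the host
      # uid that the Nextcloud container user maps to - confirm against the
      # subuid range actually in use.
      chown -R 100032:users /mnt/data/nextcloud/
      chown -R numbus-admin:users /home/numbus-admin/.numbus-server/

      touch /home/numbus-admin/.numbus-server/chowned.true
    '';
  };

  # Runs as numbus-admin, ordered after the ownership fix-up and before Traefik.
  systemd.services.numbus-activation-networked = {
    description = "Numbus-Server activation : Create podman networks";
    wantedBy = [ "multi-user.target" "traefik.service" ];
    before = [ "traefik.service" ];
    after = [
      "network.target"
      "local-fs.target"
      "numbus-activation-chowned.service"
    ];
    path = [ pkgs.podman pkgs.coreutils ];
    serviceConfig = {
      User = "numbus-admin";
      # NOTE(review): hard-codes uid 1000 for numbus-admin and assumes that
      # runtime directory exists when the unit starts - confirm.
      Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      #!/usr/bin/env bash
      export PATH=$PATH:/run/wrappers/bin

      # NOTE(review): the bare token on the next line looks like a template
      # placeholder that is replaced before deployment - confirm. Left as is,
      # the shell would try to run it as a command.
      PODMAN_NETWORKS

      # The marker is written here but this script never checks it.
      mkdir -p /home/numbus-admin/.numbus-server/
      touch /home/numbus-admin/.numbus-server/networked.true
    '';
  };

  # Post-start fix-ups. Runs with the unit default user (no User= is set).
  systemd.services.numbus-quirks = {
    description = "Numbus-Server services : Apply quirks";
    wantedBy = [ "multi-user.target" ];
    after = [
      "network.target"
      "local-fs.target"
      "numbus-activation-chowned.service"
      "numbus-activation-networked.service"
      "pi-hole.service"
      "home-assistant.service"
    ];
    # gnugrep is listed for the "already applied" checks in the script.
    path = [ pkgs.curl pkgs.coreutils pkgs.gnugrep pkgs.systemd pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      #!/usr/bin/env bash
      set -euo pipefail

      if [[ -e /home/numbus-admin/.numbus-server/quirked.true ]]; then
        exit 0
      fi

      # NOTE(review): this value is read but not referenced anywhere below.
      # Under "set -e" a missing secret file still aborts the whole script;
      # drop the read if nothing depends on that.
      DOMAIN_NAME="$(cat /run/secrets/domain_name)"

      # NOTE(review): the "until" loops below have no upper bound, so the unit
      # stays in the activating state for as long as the awaited file is absent.

      if [[ -e /etc/nixos/podman/pi-hole.nix ]]; then
        mkdir -p /mnt/config/pi-hole/
        until [[ -e /mnt/config/pi-hole/pihole-FTL.db ]]; do
          echo "Waiting for Pi-hole to be ready..."
          sleep 15
        done
        sleep 60
        # NOTE(review): this unit sets no User=, while the network unit runs
        # podman as numbus-admin - confirm this exec reaches the same container.
        podman exec pi-hole pihole -g
        sleep 60
        systemctl restart pi-hole.service
        echo "Pi-Hole quirk applied and service ready !"
      fi

      if [[ -e /etc/nixos/podman/home-assistant.nix ]]; then
        mkdir -p /mnt/config/home-assistant/
        until [[ -e /mnt/config/home-assistant/configuration.yaml ]]; do
          echo "Waiting for Home Assistant to be ready..."
          sleep 15
        done
        # The completion marker is only written at the very end, so a failure
        # in a later step makes the next start run this step again. The tag
        # line keeps the block from being appended twice, which would leave
        # duplicate top-level keys in the YAML file.
        if ! grep -qxF '# numbus-quirk: reverse proxy' /mnt/config/home-assistant/configuration.yaml; then
          sleep 180
          systemctl stop home-assistant.service
          # Forwarded client addresses are accepted from one proxy address
          # only (presumably the reverse proxy on the podman network -
          # confirm). Keep that list as narrow as it is: every address added
          # to it is allowed to state the client IP Home Assistant will see.
          # The heredoc opens with an empty line so the block starts on a
          # fresh line even when the file lacks a final newline.
          cat << 'EOF' >> /mnt/config/home-assistant/configuration.yaml

      # numbus-quirk: reverse proxy
      http:
        use_x_forwarded_for: true
        trusted_proxies: 172.16.20.253
      zha:
      EOF
          systemctl start home-assistant.service
        fi
        echo "Home Assistant quirk applied and service ready !"
      fi

      if [[ -e /etc/nixos/podman/frigate.nix ]]; then
        mkdir -p /mnt/config/frigate/
        until [[ -e /mnt/config/frigate/config.yaml ]]; do
          echo "Waiting for Frigate to be ready..."
          sleep 15
        done
        # Same re-run guard as for Home Assistant.
        if ! grep -qxF '# numbus-quirk: tls' /mnt/config/frigate/config.yaml; then
          sleep 180
          systemctl stop frigate.service
          # Switches off TLS in Frigate itself, so traffic to Frigate is
          # plaintext. NOTE(review): presumably TLS terminates at the reverse
          # proxy - confirm, and confirm the Frigate port is reachable only
          # from that proxy.
          cat << 'EOF' >> /mnt/config/frigate/config.yaml

      # numbus-quirk: tls
      tls:
        enabled: false
      EOF
          systemctl start frigate.service
        fi
        echo "Frigate quirk applied and service ready !"
      fi

      mkdir -p /home/numbus-admin/.numbus-server/
      touch /home/numbus-admin/.numbus-server/quirked.true
    '';
  };
}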