{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.cadvisor;

in {
  options = {
    services.cadvisor = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = "Whether to enable cadvisor service.";
      };

      listenAddress = mkOption {
        default = "127.0.0.1";
        type = types.str;
        description = "Cadvisor listening host";
      };

      port = mkOption {
        default = 8080;
        type = types.int;
        description = "Cadvisor listening port";
      };

      storageDriver = mkOption {
        default = null;
        type = types.nullOr types.str;
        example = "influxdb";
        description = "Cadvisor storage driver.";
      };

      storageDriverHost = mkOption {
        default = "localhost:8086";
        type = types.str;
        description = "Cadvisor storage driver host.";
      };

      storageDriverDb = mkOption {
        default = "root";
        type = types.str;
        description = "Cadvisord storage driver database name.";
      };

      storageDriverUser = mkOption {
        default = "root";
        type = types.str;
        description = "Cadvisor storage driver username.";
      };

      storageDriverPassword = mkOption {
        default = "root";
        type = types.str;
        description = ''
          Cadvisor storage driver password.

          Warning: this password is stored in the world-readable Nix store. It's
          recommended to use the <option>storageDriverPasswordFile</option> option
          since that gives you control over the security of the password.
          <option>storageDriverPasswordFile</option> also takes precedence over <option>storageDriverPassword</option>.
        '';
      };

      storageDriverPasswordFile = mkOption {
        type = types.str;
        description = ''
          File that contains the cadvisor storage driver password.

          <option>storageDriverPasswordFile</option> takes precedence over <option>storageDriverPassword</option>

          Warning: when <option>storageDriverPassword</option> is non-empty this defaults to a file in the
          world-readable Nix store that contains the value of <option>storageDriverPassword</option>.

          It's recommended to override this with a path not in the Nix store.
          Tip: use <link xlink:href='https://nixos.org/nixops/manual/#idm140737318306400'>nixops key management</link>
        '';
      };

      storageDriverSecure = mkOption {
        default = false;
        type = types.bool;
        description = "Cadvisor storage driver, enable secure communication.";
      };

      extraOptions = mkOption {
        type = types.listOf types.str;
        default = [];
        description = ''
          Additional cadvisor options.

          See <link xlink:href='https://github.com/google/cadvisor/blob/master/docs/runtime_options.md'/> for available options.
        '';
      };
    };
  };

  config = mkMerge [
    { services.cadvisor.storageDriverPasswordFile = mkIf (cfg.storageDriverPassword != "") (
        mkDefault (toString (pkgs.writeTextFile {
          name = "cadvisor-storage-driver-password";
          text = cfg.storageDriverPassword;
        }))
      );
    }

    (mkIf cfg.enable {
      systemd.services.cadvisor = {
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" "docker.service" "influxdb.service" ];

        postStart = mkBefore ''
          until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
            sleep 1;
          done
        '';

        script = ''
          exec ${pkgs.cadvisor}/bin/cadvisor \
            -logtostderr=true \
            -listen_ip="${cfg.listenAddress}" \
            -port="${toString cfg.port}" \
            ${escapeShellArgs cfg.extraOptions} \
            ${optionalString (cfg.storageDriver != null) ''
              -storage_driver "${cfg.storageDriver}" \
              -storage_driver_user "${cfg.storageDriverHost}" \
              -storage_driver_db "${cfg.storageDriverDb}" \
              -storage_driver_user "${cfg.storageDriverUser}" \
              -storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
              ${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
            ''}
        '';

        serviceConfig.TimeoutStartSec=300;
      };
    })
  ];
}