{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.netatalk;
  settingsFormat = pkgs.formats.ini { };
  afpConfFile = settingsFormat.generate "afp.conf" cfg.settings;
in {
  options = {
    services.netatalk = {

      enable = mkEnableOption "the Netatalk AFP fileserver";

      port = mkOption {
        type = types.port;
        default = 548;
        description = "TCP port to be used for AFP.";
      };

      settings = mkOption {
        inherit (settingsFormat) type;
        default = { };
        example = {
          Global = { "uam list" = "uams_guest.so"; };
          Homes = {
            path = "afp-data";
            "basedir regex" = "/home";
          };
          example-volume = {
            path = "/srv/volume";
            "read only" = true;
          };
        };
        description = ''
          Configuration for Netatalk. See
          <citerefentry><refentrytitle>afp.conf</refentrytitle>
          <manvolnum>5</manvolnum></citerefentry>.
        '';
      };

      extmap = mkOption {
        type = types.lines;
        default = "";
        description = ''
          File name extension mappings.
          See <citerefentry><refentrytitle>extmap.conf</refentrytitle>
          <manvolnum>5</manvolnum></citerefentry>. for more information.
        '';
      };

    };
  };

  imports = (map (option:
    mkRemovedOptionModule [ "services" "netatalk" option ]
    "This option was removed in favor of `services.netatalk.settings`.") [
      "extraConfig"
      "homes"
      "volumes"
    ]);

  config = mkIf cfg.enable {

    services.netatalk.settings.Global = {
      "afp port" = toString cfg.port;
      "extmap file" = "${pkgs.writeText "extmap.conf" cfg.extmap}";
    };

    systemd.services.netatalk = {
      description = "Netatalk AFP fileserver for Macintosh clients";
      unitConfig.Documentation =
        "man:afp.conf(5) man:netatalk(8) man:afpd(8) man:cnid_metad(8) man:cnid_dbd(8)";
      after = [ "network.target" "avahi-daemon.service" ];
      wantedBy = [ "multi-user.target" ];

      path = [ pkgs.netatalk ];

      serviceConfig = {
        Type = "forking";
        GuessMainPID = "no";
        PIDFile = "/run/lock/netatalk";
        ExecStart = "${pkgs.netatalk}/sbin/netatalk -F ${afpConfFile}";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP  $MAINPID";
        ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";
        Restart = "always";
        RestartSec = 1;
        StateDirectory = [ "netatalk/CNID" ];
      };

    };

    security.pam.services.netatalk.unixAuth = true;

  };

}