{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.buildkite-agent;
  configFile = pkgs.writeText "buildkite-agent.cfg"
    ''
      token="${cfg.token}"
      name="${cfg.name}"
      meta-data="${cfg.meta-data}"
      hooks-path="${pkgs.buildkite-agent}/share/hooks"
      build-path="/var/lib/buildkite-agent/builds"
      bootstrap-script="${pkgs.buildkite-agent}/share/bootstrap.sh"
    '';
in

{
  options = {
    services.buildkite-agent = {
      enable = mkEnableOption "buildkite-agent";

      token = mkOption {
        type = types.str;
        description = ''
          The token from your Buildkite "Agents" page.
        '';
      };

      name = mkOption {
        type = types.str;
        description = ''
          The name of the agent.
        '';
      };

      meta-data = mkOption {
        type = types.str;
        default = "";
        description = ''
          Meta data for the agent.
        '';
      };

      openssh =
        { privateKey = mkOption {
            type = types.str;
            description = ''
              Private agent key.
            '';
          };
          publicKey = mkOption {
            type = types.str;
            description = ''
              Public agent key.
            '';
          };
        };
    };
  };

  config = mkIf config.services.buildkite-agent.enable {
    users.extraUsers.buildkite-agent =
      { name = "buildkite-agent";
        home = "/var/lib/buildkite-agent";
        createHome = true;
        description = "Buildkite agent user";
      };

    environment.systemPackages = [ pkgs.buildkite-agent ];

    systemd.services.buildkite-agent =
      { description = "Buildkite Agent";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        environment.HOME = "/var/lib/buildkite-agent";
        preStart = ''
            ${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/lib/buildkite-agent/.ssh

            if ! [ -f /var/lib/buildkite-agent/.ssh/id_rsa ]; then
              echo "${cfg.openssh.privateKey}" > /var/lib/buildkite-agent/.ssh/id_rsa
              ${pkgs.coreutils}/bin/chmod 600 /var/lib/buildkite-agent/.ssh/id_rsa
            fi

            if ! [ -f /var/lib/buildkite-agent/.ssh/id_rsa.pub ]; then
              echo "${cfg.openssh.publicKey}" > /var/lib/buildkite-agent/.ssh/id_rsa.pub
              ${pkgs.coreutils}/bin/chmod 600 /var/lib/buildkite-agent/.ssh/id_rsa.pub
            fi
          '';

        serviceConfig =
          { ExecStart = "${pkgs.buildkite-agent}/bin/buildkite-agent start --config ${configFile}";
            User = "buildkite-agent";
            RestartSec = 5;
            Restart = "on-failure";
            TimeoutSec = 10;
          };
      };
  };
}