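# NixOS module for the lego-monitoring service.
#
# Takes the lego-monitoring `package` as its first argument and returns a module
# that renders the options under `services.lego-monitoring` into a JSON config
# file (plus a TOML vulnix whitelist) and defines the systemd unit running it.
#
# Both generated files live in the Nix store, which is world-readable. Only the
# values of credsSecretPath / pingingKeysSecretPath are written into them, so
# those options should name files outside the store.
# NOTE(review): presumably the service reads the secrets from those paths at
# runtime, and options.nix types them as strings rather than Nix path literals
# (a path literal would be copied into the store) - confirm.
package:
{ config, lib, pkgs, ... }:
{
  imports = [ ./options.nix ];

  config =
    let
      cfg = config.services.lego-monitoring;
      json = pkgs.formats.json {};
      toml = pkgs.formats.toml {};

      # Convert the whitelist options to snake_case and drop every attribute
      # that is null, because TOML does not support null values.
      # NOTE(review): entries presumably suppress vulnix findings for the given
      # CVEs; a rule without `until` would then never expire - confirm.
      vulnixWhitelistFile = toml.generate "vulnix-whitelist.toml" (
        lib.attrsets.filterAttrsRecursive (k: v: v != null) (
          lib.mapAttrs (_: rule: {
            inherit (rule) cve until;
            issue_url = rule.issueUrl;
          }) cfg.checks.vulnix.whitelist
        )
      );

      # Service configuration, keys in snake_case as written to config.json.
      serviceConfigFile = json.generate "config.json" {
        enabled_check_sets = cfg.enabledCheckSets;
        log_level = cfg.logLevel;

        # A disabled channel is emitted as JSON null.
        alert_channels = {
          telegram =
            with cfg.alertChannels.telegram;
            if enable then
              {
                creds_secret_path = credsSecretPath;
                room_id = roomId;
              }
            else
              null;
          healthchecks =
            with cfg.alertChannels.healthchecks;
            if enable then
              {
                pinging_keys_secret_path = pingingKeysSecretPath;
                pinging_api_endpoint = pingingApiEndpoint;
              }
            else
              null;
        };

        checks = {
          temp.sensors = lib.mapAttrs (_: sensorCfg: {
            inherit (sensorCfg) name enabled;
            readings = lib.mapAttrs (_: readingCfg: {
              inherit (readingCfg) label enabled;
              warning_temp = readingCfg.warningTemp;
              critical_temp = readingCfg.criticalTemp;
            }) sensorCfg.readings;
          }) cfg.checks.temp.sensors;

          vulnix.whitelist_path = vulnixWhitelistFile;

          cpu = with cfg.checks.cpu; {
            warning_percentage = warningPercentage;
            critical_percentage = criticalPercentage;
          };

          ram = with cfg.checks.ram; {
            warning_percentage = warningPercentage;
            critical_percentage = criticalPercentage;
          };

          net.interfaces = lib.mapAttrs (_: interfaceCfg: {
            warning_threshold_sent_bytes = interfaceCfg.warningThresholdSentBytes;
            critical_threshold_sent_bytes = interfaceCfg.criticalThresholdSentBytes;
            warning_threshold_recv_bytes = interfaceCfg.warningThresholdRecvBytes;
            # Fixed: this previously reused warningThresholdRecvBytes, so the
            # critical receive threshold always equalled the warning one.
            # Assumes options.nix declares criticalThresholdRecvBytes like the
            # sent/comb counterparts - confirm.
            critical_threshold_recv_bytes = interfaceCfg.criticalThresholdRecvBytes;
            warning_threshold_comb_bytes = interfaceCfg.warningThresholdCombBytes;
            critical_threshold_comb_bytes = interfaceCfg.criticalThresholdCombBytes;
          }) cfg.checks.net.interfaces;
        };
      };
    in
    lib.mkIf cfg.enable {
      systemd.services.lego-monitoring = {
        name = "lego-monitoring.service";
        description = "Lego-monitoring service";
        script = "${package}/bin/lego-monitoring -c ${serviceConfigFile}";
        wantedBy = [ "multi-user.target" ];

        # NOTE(review): no User/Group or sandboxing directives are set here, so
        # the unit runs with systemd's defaults for a system service (root,
        # unrestricted). Consider a dedicated user and hardening options once
        # the access the checks actually need is known.
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = "5";
        };

        # Stop restarting after 3 start attempts within 20 seconds; the unit
        # then stays failed until it is started again manually.
        unitConfig = {
          StartLimitIntervalSec = 20;
          StartLimitBurst = 3;
        };
      };
    };
}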