{
  lib,
  ...
}:

let
  tempSensorOptions = (import ./suboptions/tempSensorOptions.nix) { inherit lib; };
  vulnixWhitelistRule = (import ./suboptions/vulnixWhitelistRule.nix) { inherit lib; };
in
{
  options.services.lego-monitoring = {
    enable = lib.mkEnableOption "lego-monitoring service";

    logLevel = lib.mkOption {
      type = lib.types.enum [
        "CRITICAL"
        "ERROR"
        "WARNING"
        "INFO"
        "DEBUG"
      ];
      default = "INFO";
      description = "Level of logging. INFO generates a log message with every check.";
    };

    enabledCheckSets = lib.mkOption {
      type = lib.types.listOf (lib.types.enum [
        "start"
        "stop"
        "remind"

        "cpu"
        "ram"
        "temp"

        "vulnix"
      ]);
      default = [ ];
      description = "List of enabled check sets. Each check set is a module which checks something and generates alerts based on check results.";
    };

    telegram = {
      credsSecretPath = lib.mkOption {
        type = lib.types.str;
        description = "Path to a file containing Telegram api_id, api_hash, and bot token, separated by the `,` character.";
      };
      roomId = lib.mkOption {
        type = lib.types.int;
        description = "ID of chat where to send alerts.";
      };
    };

    checks = {
      temp = {
        sensors = lib.mkOption {
          type = lib.types.attrsOf (lib.types.submodule tempSensorOptions);
          default = { };
          description = ''
            Temp sensor override definitions. Sensors not defined here, or missing options in definitions, will be read with default parameters.
            
            To get list of sensors and their default configurations, run `lego-monitoring --print-temp`.'';
          example = lib.literalExpression ''
            {
              amdgpu.readings.edge.label = "Integrated GPU";
              k10temp.readings = {
                Tctl = {
                  label = "AMD CPU";
                  criticalTemp = 95.0;
                };
                Tccd1.enabled = false;
                Tccd2.enabled = false;
              };
              nvme.readings = {
                "Sensor 1".enabled = false;
                "Sensor 2".enabled = false;
              };
            }'';
        };
      };

      vulnix = {
        whitelist = lib.mkOption {
          type = lib.types.attrsOf (lib.types.submodule vulnixWhitelistRule);
          default = { };
          description = "Whitelist rules for vulnix. Attr name is package with version, package name, or `*`.";
          example = lib.literalExpression ''
            {
              "ffmpeg-3.4.2" = {
                cve = [ "CVE-2018-6912" "CVE-2018-7557" ];
                until = "2018-05-01";
                issueUrl = "https://issues.example.com/29952";
              };
            }'';
        };
      };

      cpu = {
        warningPercentage = lib.mkOption {
          type = lib.types.nullOr lib.types.float;
          default = 80.0;
          description = "CPU load percentage for a warning alert to be sent. Null means never generate a CPU warning alert.";
        };
        criticalPercentage = lib.mkOption {
          type = lib.types.nullOr lib.types.float;
          default = 90.0;
          description = "CPU load percentage for a critical alert to be sent. Null means never generate a CPU critical alert.";
        };
      };

      ram = {
        warningPercentage = lib.mkOption {
          type = lib.types.nullOr lib.types.float;
          default = 80.0;
          description = "RAM usage percentage for a warning alert to be sent. Null means never generate a RAM warning alert.";
        };
        criticalPercentage = lib.mkOption {
          type = lib.types.nullOr lib.types.float;
          default = 90.0;
          description = "RAM usage percentage for a critical alert to be sent. Null means never generate a RAM critical alert.";
        };
      };
    };
  };
}