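# NixOS module: declarative Syncthing instance for the permafrost hosts.
#
# Enabling `permafrost.syncthing.enable` pulls the device key/cert from
# sops-nix, pins the set of peer devices and shared folders, and exposes the
# web GUI. The GUI bind address, port and firewall opening are options so a
# host can restrict them; the defaults reproduce the previous hard-coded
# behaviour (0.0.0.0:8384, port opened in the firewall).
{ config, lib, ... }:

with lib;
let
  cfg = config.permafrost.syncthing;
in
{
  options.permafrost.syncthing = {
    enable = mkEnableOption "syncthing";

    guiListenAddress = mkOption {
      type = types.str;
      default = "0.0.0.0";
      example = "127.0.0.1";
      description = ''
        Address the Syncthing web GUI / REST API binds to. The default
        listens on every interface; use a loopback address to keep the GUI
        local to the host.
      '';
    };

    guiPort = mkOption {
      type = types.port;
      default = 8384;
      description = ''
        TCP port of the Syncthing web GUI. Used both for the listen address
        and for the firewall rule, so the two cannot drift apart.
      '';
    };

    openGuiFirewall = mkOption {
      type = types.bool;
      default = true;
      description = ''
        Whether to open the GUI port in the host firewall. Disable this when
        the GUI should only be reachable locally or through a tunnel.
      '';
    };
  };

  config = mkIf cfg.enable {
    # Device identity. Only the decrypted file *paths* are handed to the
    # service below, so the private key is not written into this expression.
    # NOTE(review): owner/mode are left at the sops-nix defaults; confirm the
    # syncthing unit is able to read both files on the target host.
    sops.secrets."syncthing/key" = { };
    sops.secrets."syncthing/cert" = { };

    # Web GUI port. With the default options this exposes the admin
    # interface to every network the host is attached to.
    networking.firewall.allowedTCPPorts =
      mkIf cfg.openGuiFirewall [ cfg.guiPort ];

    services.syncthing =
      let dataDir = config.services.syncthing.dataDir;
      in {
        enable = true;

        # Dedicated unprivileged account for the daemon.
        user = "syncthing";
        group = "syncthing";

        dataDir = "/home/syncthing";
        configDir = dataDir + "/config";

        key = config.sops.secrets."syncthing/key".path;
        cert = config.sops.secrets."syncthing/cert".path;

        # The device and folder lists below are authoritative: entries that
        # are not declared here (for example added through the GUI) are
        # dropped, which keeps the set of trusted peers reviewable in one
        # place.
        overrideFolders = true;
        overrideDevices = true;

        # NOTE(review): this module sets no GUI user/password and no GUI TLS
        # setting. Unless authentication is configured elsewhere, anyone who
        # can reach this address can administer the instance. Consider
        # guiListenAddress = "127.0.0.1" with openGuiFirewall = false and
        # reaching the GUI through an SSH tunnel or VPN.
        guiAddress = "${cfg.guiListenAddress}:${toString cfg.guiPort}";

        # Opens Syncthing's default sync/discovery ports in the firewall.
        openDefaultPorts = true;

        settings = {
          # Peers are pinned by device ID; only these may be referenced by
          # the folders below.
          devices = {
            snowhawk.id = "3KTMCOY-BUHLO4J-BMXBLEF-CFSXCS3-4YVOBTS-GKZMKNS-STR7CTT-37S2OQ2";
            lynx.id = "O7EB4D6-AH4A53X-YM6UE7K-T3CJGIZ-MRJ6J7U-DXTEOKB-Z7LSV2M-LVUWFAO";
            sprite.id = "IS2F2X5-43F7B2Q-SVSNY4J-GOHU5XP-NSJ2MJS-GDDNNTR-BGPQHHE-TE4JDAX";
          };

          # Each folder is shared only with the devices it lists.
          folders = {
            "obsidian" = rec {
              id = "obsidian";
              label = id;
              path = dataDir + "/obsidian";
              devices = [ "snowhawk" "lynx" "sprite" ];
            };
            "sync" = {
              # Folder ID stays "default" while the label shown is "sync".
              id = "default";
              label = "sync";
              path = dataDir + "/sync";
              devices = [ "lynx" ];
            };
          };

          gui.theme = "dark";

          options = {
            # Usage reporting declined.
            urAccepted = -1;
            # No LAN broadcast discovery.
            localAnnounceEnabled = false;
            # Connections may be carried by relay servers when a direct
            # connection is not possible.
            relaysEnabled = true;
          };
        };
      };
  };
}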