{lib, config, pkgs, ... }:

with lib;

let
  cfg = config.services.python-ci;
in
{
  # Module option: services.python-ci.enable (off by default) gates everything
  # under `config` below.
  options.services.python-ci.enable =
    mkEnableOption "Service de CI Nix écrit en Python";

  config = mkIf cfg.enable {

    # Unprivileged system account the CI daemon runs as (matches `User=` in the
    # systemd unit).
    users.users.python-ci = {
      description = "Python CI user";
      isSystemUser = true;
      # NOTE(review): "nogroup" is shared by every account that uses it, so
      # any group-accessible file this service creates is reachable by those
      # accounts too. Consider a dedicated `python-ci` group.
      group = "nogroup";
    };

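    # systemd unit for the Python CI daemon.
    #
    # The daemon is started with --port 52350; the address it binds to is
    # decided by python-ci.py, which is not visible here. Nothing in this
    # module opens the port in the firewall.
    systemd.services.python-ci = {
      description = "CI Nix en Python";
      # `requires` only pulls the target in. Without a matching `after`,
      # systemd may start this unit in parallel with it, i.e. before the
      # network is actually online.
      requires = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      environment = {
        # Same directory as StateDirectory below.
        HOME = "/var/lib/python-ci";
        NIX_PATH = concatStringsSep ":" config.nix.nixPath;
        # Lets nixpkgs evaluate unfree packages for jobs run by this service.
        NIXPKGS_ALLOW_UNFREE = "1";
      };
      # Only these tools are put on the unit's PATH.
      path = with pkgs; [ nix gnutar gzip ];
      serviceConfig = {
        User = "python-ci";
        # /var/lib/python-ci holds the webhook secret and the GitLab/Gitea
        # tokens passed on the command line below. Restrict the directory to
        # the service user so other local accounts cannot list or read it.
        StateDirectory = "python-ci";
        StateDirectoryMode = "0700";
        # /run/python-ci is the --output directory; it is kept when the unit
        # stops or restarts.
        RuntimeDirectory = "python-ci";
        RuntimeDirectoryPreserve = "yes";
        # The process and its children can never gain privileges through
        # setuid/setgid binaries or file capabilities.
        # NOTE(review): confirm python-ci.py does not rely on a setuid helper.
        NoNewPrivileges = true;
        # The secret and token files are not created by this module. They must
        # be provisioned out of band, which also keeps them out of the
        # world-readable Nix store. Keep them owned by python-ci, mode 0600.
        ExecStart = with pkgs;
        let
          # Python interpreter bundled with the libraries the script imports.
          # ignoreCollisions silences conflicting-file errors when the
          # packages are merged into one environment.
          env = python3Packages.python.buildEnv.override {
            extraLibs = with python3Packages; [ pyramid python-gitlab setuptools ];
            ignoreCollisions = true;
          };
        in "${pkgs.writeShellScriptBin "run.sh" ''
          exec ${env}/bin/python ${pkgs.writeScript "python-ci.py" "${readFile ./python-ci.py}"} --port 52350 \
              --secret /var/lib/python-ci/secret --gitlab-token /var/lib/python-ci/gitlab_token \
              --gitea-token /var/lib/python-ci/gitea_token --output /run/python-ci
        ''}/bin/run.sh";
      };
    };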

  };

}