flake: { lib, config, pkgs, ... }:
with lib;
let
  inherit (flake.packages.${pkgs.stdenv.hostPlatform.system}) icalproxy;
  
  cfg = config.services.icalproxy;
in {
  options.services.icalproxy = with types; {
    enable = mkEnableOption "icalproxy";
    calendarUrl = mkOption {
      type = str;
    };
    ignore = mkOption {
      type = submodule {
        options = {
          locationRegexes = mkOption {
            type = listOf str;
          };
          summaryRegexes = mkOption {
            type = listOf str;
          };
        };
      };
    };
    port = mkOption {
      type = str;
    };
    userTokens = mkOption {
      type = attrsOf (submodule {
        options = {
          hash = mkOption {
            type = str;
          };
          salt = mkOption {
            type = str;
          };
        };
      });
    };
  };

  config = mkIf cfg.enable {
    users.users.icalproxy = {
      description = "icalproxy service user";
      isSystemUser = true;
      group = "icalproxy";
    };

    users.groups.icalproxy = {};

    systemd.services.icalproxy = {
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      environment = {
        CONFIG_FILE = pkgs.writeText "icalproxy-config.json" (builtins.toJSON {
          calendar_url = cfg.calendarUrl;
          ignore = {
            location_regexes = cfg.ignore.locationRegexes;
            summary_regexes = cfg.ignore.summaryRegexes;
          };
          port = cfg.port;
          user_tokens = cfg.userTokens;
        });
      };
      serviceConfig = {
        User = config.users.users.icalproxy.name;
        Group = config.users.users.icalproxy.group;
        Restart = "always";
        ExecStart = "${lib.getBin icalproxy}/bin/icalproxy";
      };
    };
  };
}