{ config, lib, pkgs, ... }:

with lib;

let
  pam-rule = pkgs.lib.mkDefault (pkgs.lib.mkBefore
    ''
    auth sufficient pam_unix.so try_first_pass nullok
    auth sufficient ${config.services.howdy.package}/lib/security/pam_howdy.so
    '');
  pam-sudo-rule = pkgs.lib.mkDefault (pkgs.lib.mkBefore
    ''
    auth sufficient ${config.services.howdy.package}/lib/security/pam_howdy.so
    '');
  cfg = config.services.howdy;
  irCfg = config.services.linux-enable-ir-emitter;
  settingsType = pkgs.formats.ini { };
in {
  options = {
    services.howdy = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable howdy and PAM module for face recognition.
        '';
      };

      package = mkOption {
        type = types.package;
        default = pkgs.howdy;
        defaultText = "pkgs.howdy";
        description = ''
          Howdy package to use.
        '';
      };

      settings = mkOption {
        inherit (settingsType) type;
        default = import ./config.nix;
        description = mdDoc ''
          Howdy configuration file. Refer to
          <https://github.com/boltgolt/howdy/blob/beta/howdy/src/config.ini>
          for options.
        '';
      };
    };
    services.linux-enable-ir-emitter = {
      enable = mkEnableOption (mdDoc "") // {
        description = mdDoc ''
          Whether to enable IR emitter hardware. Designed to be used with the
          Howdy facial authentication. After enabling the service, configure
          the emitter with `sudo linux-enable-ir-emitter configure`.
        '';
      };

      package = mkPackageOptionMD pkgs "linux-enable-ir-emitter" {} // {
        description = mdDoc ''
          Package to use for the Linux Enable IR Emitter service.
        '';
      };

      device = mkOption {
        type = types.str;
        default = "video2";
        description = mdDoc ''
          IR camera device to depend on. For example, for `/dev/video2`
          the value would be `video2`. Find this with the command
          {command}`realpath /dev/v4l/by-path/<generated-driver-name>`.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # environment.systemPackages = [ cfg.package pkgs.ir_toggle ];
    # environment.etc."howdy/config.ini".source = configINI;
    # security.pam.services = {
    #   sudo.text = pam-rule; # Sudo
    #   login.text = pam-rule; # User login
    #   polkit-1.text = pam-rule; # PolKit
    #   i3lock.text = pam-rule; # i3lock
    # };
    # powerManagement.resumeCommands =
    #   "${pkgs.ir_toggle}/bin/chicony-ir-toggle on";
    # services.udev.packages = [ pkgs.ir_toggle ];






    environment.systemPackages = [ cfg.package irCfg.package ];

    security.pam.services = {
      sudo.text = pam-sudo-rule; # Sudo
      login.text = pam-rule; # User login
      polkit-1.text = pam-rule; # PolKit
      swaylock.text = pam-rule; # i3lock
      # gdm-password.text = pam-rule; # i3lock
    };

    systemd.services.linux-enable-ir-emitter = rec {
      description = "Enable the infrared emitter";
      script = "${getExe irCfg.package} run";

      wantedBy = [
        "multi-user.target"
        "suspend.target"
        "hybrid-sleep.target"
        "hibernate.target"
        "suspend-then-hibernate.target"
      ];
      after = wantedBy ++ [ "dev-${irCfg.device}.device" ];
    };

    systemd.tmpfiles.rules = [
      "d /var/lib/linux-enable-ir-emitter 0755 root root - -"
    ];
    environment.etc."linux-enable-ir-emitter".source = "/var/lib/linux-enable-ir-emitter";
    environment.etc."howdy/config.ini".source = settingsType.generate "howdy-config.ini" cfg.settings;
  };
}