{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.scan-to-gpg;
in {

  options = {
    services.scan-to-gpg = {
      enable = mkEnableOption "scan-to-gpg";
      gpgkey = mkOption {
        type = types.path;
        description = "Path to a file containing to GPG public key to encrypt to";
      };
    };
  };

  config = mkIf cfg.enable {

    systemd.services.scan-to-gpg = {
      description = "FTP server that saves uploaded files GPG encrypted";
      wantedBy = [ "multi-user.target" ];
      requires = [ "network.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        type = "simple";
        ExecStart = "${getExe pkgs.scan-to-gpg} -host 0.0.0.0 -output /var/lib/scan-to-gpg -gpgkey ${cfg.gpgkey}";
        User = "scan-to-gpg";
        Group = "scan-to-gpg";
        StateDirectory = "scan-to-gpg";
        StateDirectoryMode = "775";
      };

    };

    users.users.scan-to-gpg = {
      isSystemUser = true;
      group = "scan-to-gpg";
    };

    users.groups.scan-to-gpg = {};

  };
}