{
  config,
  pkgs,
  lib,
  ...
}:

with lib;

let
  cfg = config.my.services.media-mgr;

  containersDefinition = {

    jackett = {
      enable = true;
      image = "linuxserver/jackett";
      autoStart = true;
      volumes = [
        "jackett_config:/config"
        "jackett_data:/data"
      ];
    };

    radarr = {
      enable = true;
      image = "linuxserver/radarr";
      autoStart = true;
      volumes = [
        "radarr_config:/config"
        "radarr_data:/data"
      ];
    };

    sonarr = {
      enable = true;
      image = "linuxserver/sonarr";
      autoStart = true;
      volumes = [
        "sonarr_config:/config"
        "sonarr_data:/data"
      ];
    };

    prowlarr = {
      enable = true;
      image = "linuxserver/prowlarr";
      autoStart = true;
      volumes = [ "prowlarr_config:/config" ];
    };
  };

  # Pod Definition
  podDefinition = {
    name = "download";
    ports = [
      "7878:7878" # : Radarr
      "8989:8989" # : Sonarr
      "9117:9117" # : Jackett
      "9696:9696" # : Prowlarr
    ];
    containers = containersDefinition;
  };

in
{
  options.my.services.media-mgr = {

    programs = {
      enable = lib.mkEnableOption "Enable the download manager stack";
    };

    exportMetrics = {
      enable = lib.mkEnableOption "Enable monitoring for the download manager stack";
    };

    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";

      domain = lib.mkOption {
        default = "example.com";
        type = lib.types.str;
        description = ''
          The domain where Caddy is reachable
        '';
      };

      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
        description = ''
          host name where the download manager stack is running
        '';
      };

    };

  };

  config = lib.mkMerge [

    # Services definition
    (lib.mkIf cfg.programs.enable {

      services = {

        # Indexer
        prowlarr = {
          enable = true;
          openFirewall = true;
        };

        # Movies
        radarr = {
          enable = true;
          openFirewall = true;
        };

        # TV Shows
        sonarr = {
          enable = true;
          openFirewall = true;
        };

        # Music
        lidarr = {
          enable = true;
          openFirewall = true;
        };

        # E-books
        readarr = {
          enable = true;
          openFirewall = true;
        };

      };

      # my.virtualisation.podmanPods = {
      #   inherit podDefinition;
      # };

      # virtualisation.oci-containers.containers =
      #   let
      #     pod = config.helpers.processContainers podDefinition;
      #   in
      #   pod.containers;

    })

    # Caddy for reverse proxy
    (lib.mkIf cfg.proxy.enable {
      services.caddy = with cfg.proxy; {
        virtualHosts."prowlarr.${domain}".extraConfig = ''
          reverse_proxy http://${host}:9696
          import cloudflare
        '';
        virtualHosts."radarr.${domain}".extraConfig = ''
          reverse_proxy http://${host}:7878
          import cloudflare
        '';
        virtualHosts."sonarr.${domain}".extraConfig = ''
          reverse_proxy http://${host}:8989
          import cloudflare
        '';
        virtualHosts."lidarr.${domain}".extraConfig = ''
          reverse_proxy http://${host}:8686
          import cloudflare
        '';
        virtualHosts."readarr.${domain}".extraConfig = ''
          reverse_proxy http://${host}:8787
          import cloudflare
        '';
      };
    })

    # Prometheus exporters
    (lib.mkIf cfg.exportMetrics.enable {

      users.groups.exportarr = { };
      users.users.exportarr = {
        group = "exportarr";
        isSystemUser = true;
      };

      age.secrets = {
        prowlarr-apiKey = {
          file = ../../secrets/prowlarr-apiKey.age;
          owner = "exportarr";
          group = "exportarr";
          mode = "770";
        };
      };
      age.secrets = {
        radarr-apiKey = {
          file = ../../secrets/radarr-apiKey.age;
          owner = "exportarr";
          group = "exportarr";
          mode = "770";
        };
      };
      age.secrets = {
        sonarr-apiKey = {
          file = ../../secrets/sonarr-apiKey.age;
          owner = "exportarr";
          group = "exportarr";
          mode = "770";
        };
      };
      age.secrets = {
        lidarr-apiKey = {
          file = ../../secrets/lidarr-apiKey.age;
          owner = "exportarr";
          group = "exportarr";
          mode = "770";
        };
      };
      age.secrets = {
        readarr-apiKey = {
          file = ../../secrets/readarr-apiKey.age;
          owner = "exportarr";
          group = "exportarr";
          mode = "770";
        };
      };

      services.prometheus.exporters = {
        exportarr-prowlarr = {
          enable = true;
          url = "http://arr.internal:9696";
          port = 9701;
          apiKeyFile = config.age.secrets.prowlarr-apiKey.path;
        };
        exportarr-radarr = {
          enable = true;
          url = "http://arr.internal:7878";
          port = 9702;
          user = "exportarr";
          group = "exportarr";
          apiKeyFile = config.age.secrets.radarr-apiKey.path;
        };
        exportarr-sonarr = {
          enable = true;
          url = "http://arr.internal:8989";
          port = 9703;
          apiKeyFile = config.age.secrets.sonarr-apiKey.path;
        };
        exportarr-lidarr = {
          enable = true;
          url = "http://arr.internal:8686";
          port = 9704;
          apiKeyFile = config.age.secrets.lidarr-apiKey.path;
        };
        exportarr-readarr = {
          enable = true;
          url = "http://arr.internal:8787";
          port = 9705;
          apiKeyFile = config.age.secrets.readarr-apiKey.path;
        };
      };
    })

  ];
}