{ config, pkgs, lib, ... }:
with lib;
let
  python-github-backup = pkgs.python3Packages.buildPythonApplication {
    name = "python-github-backup";
    src = pkgs.fetchFromGitHub {
      owner = "josegonzalez";
      repo = "python-github-backup";
      rev = "18e78a4d66120961590836e63d1fa939e4d036f3";
      sha256 = "1c5qxyv322z5zkx8mxdwdqrnjgqhk00aqcgwkn53b4xkfr2idkbn";
    };
    patches = [ ./ghbackup-179.patch ];
    propagatedBuildInputs = [ pkgs.git ];
  };
  token = (import /etc/nixos/secret/github_tokens.nix).backup;
  makeBackup = pkgs.writeScript "make-ghbackup" ''
    #!${pkgs.bash}/bin/bash

    set -e

    ${python-github-backup}/bin/github-backup m-labs -t ${token} --all -i -o /var/lib/ghbackup/m-labs
    ${python-github-backup}/bin/github-backup quartiq -t ${token} --all -i -o /var/lib/ghbackup/quartiq
    ${python-github-backup}/bin/github-backup sinara-hw -t ${token} --all -i -o /var/lib/ghbackup/sinara-hw

    echo GitHub backup done
  '';

  cfg = config.services.ghbackup;
in
{
  options.services.ghbackup = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Enable backups";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.ghbackup = {
      description = "GitHub backup";
      serviceConfig = {
        Type = "oneshot";
        User = "ghbackup";
        Group = "ghbackup";
        ExecStart = "${makeBackup}";
      };
    };

    users.users.ghbackup = {
      name = "ghbackup";
      group = "ghbackup";
      description = "GitHub backups user";
      isSystemUser = true;
      createHome = true;
      home = "/var/lib/ghbackup";
      useDefaultShell = true;
    };
    users.extraGroups.ghbackup = {};

    systemd.timers.ghbackup = {
      description = "GitHub backup";
      wantedBy = [ "timers.target" ];
      timerConfig.OnCalendar = "daily";
    };
  };
}