{ lib, config, ... }:
let
  cfg = config.services.grafana;
  secrets = config.age.secrets;
  fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
  options.services.grafana = {
    subdomain = lib.mkOption {
      type = lib.types.str;
    };
  };

  config = lib.mkIf cfg.enable {
    services.grafana = {
      settings = {
        server = {
          root_url = "https://${fqdn}";
        };

        database = {
          host = "/var/run/postgresql";
          type = "postgres";
          user = "grafana";
        };

        smtp = {
          from_name = "Grafana";
          password = "$__file{${secrets.smtp-password.path}}";
        };
      };
    };

    services.prometheus = {
      enable = true;
      exporters.node.enable = true;
      scrapeConfigs = [
        {
          job_name = "node";
          static_configs = [
            { targets = [ "localhost:9100" ]; }
          ];
        }
      ];
    };

    services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.settings.server.http_port;

    services.postgresql = {
      enable = lib.mkDefault true;
      ensureDatabases = [ "grafana" ];
      ensureUsers = [{
        name = "grafana";
        ensureDBOwnership = true;
      }];
    };
  };
}