{ lib, config, ... }:
let
  cfg = config.modules.services.grafana;
  secrets = config.age.secrets;
  fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
  options.modules.services.grafana = {
    enable = lib.mkEnableOption "Enable Grafana";
    subdomain = lib.mkOption {
      type = lib.types.str;
    };
    config = lib.mkOption {
      type = lib.types.attrs;
    };
    port = lib.mkOption {
      type = lib.types.int;
      default = 3300;
    };
  };

  config = lib.mkIf cfg.enable {
    services.grafana = {
      enable = true;

      settings = {
        server = {
          root_url = "https://${fqdn}";
          http_port = cfg.port;
        };

        database = {
          host = "/var/run/postgresql";
          type = "postgres";
          user = "grafana";
        };

        smtp = {
          enabled = true;
          host = "horologium.uberspace.de";
          from_address = "noreply@freun.dev";
          from_name = "Vaultwarden";
          user = "noreply@freun.dev";
          password = "$__file{${secrets.smtp-password.path}}";
        };
      };
    };

    services.prometheus = {
      enable = true;
      exporters.node.enable = true;
      scrapeConfigs = [
        {
          job_name = "node";
          static_configs = [
            { targets = [ "localhost:9100" ]; }
          ];
        }
      ];
    };

    modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;

    services.postgresql = {
      enable = lib.mkDefault true;
      ensureDatabases = [ "grafana" ];
      ensureUsers = [{
        name = "grafana";
        ensureDBOwnership = true;
      }];
    };
  };
}