{ lib, config, pkgs, dump1090afg, ... }:
with lib;
let
  # Shorter name to access final settings a 
  # user of hello.nix module HAS ACTUALLY SET.
  # cfg is a typical convention.
  cfg = config.services.dump1090afg;
in
{

  options.services.dump1090afg = {
    enable = mkEnableOption "dump1090afg service";
    package = mkOption {
      default = dump1090afg.x86_64-linux.cross-armv6l-linux;
      type = types.package;
    };
    user = mkOption {
      type = types.str;
      default = "afg";
    };
    domain = mkOption {
      type = types.str;
      default = "localhost";
    };
    enableSSL = mkEnableOption "use let's encrypt SSL certs for dump1090afg";
  };


  config = mkIf cfg.enable {
    # List packages installed in system profile. To search, run:
    # $ nix search wget
    environment.systemPackages = [
      cfg.package
    ];

    hardware.rtl-sdr.enable = true;

    systemd.services.dump1090afg = {
      wantedBy = [ "multi-user.target" ];
      wants = [ "network.target" ];
      after = [ "network.target" ];
      description = "dump1090afg service";
      serviceConfig = {
        Type = "exec";
        User = cfg.user;
        RuntimeMaxSec="1d";
        Restart = "always";
        RestartSec = "3s";
        StartLimitIntervalSec = "0";
        RuntimeDirectory = "dump1090-afg";
      };
      script = ''
        exec ${cfg.package}/bin/dump1090-afg --write-json /var/run/dump1090-afg --quiet
      '';
    };

    services.nginx = {
      enable = true;
      virtualHosts."${cfg.domain}" = {
        root = "${cfg.package}/share/dump1090-afg";
        locations."/data/".alias = "/var/run/dump1090-afg/";
        enableACME = cfg.enableSSL;
        forceSSL = cfg.enableSSL;
      };
    };
  };

}