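# NixOS module for mysqladm-rs.
#
# Declares the `services.mysqladm-rs` options, renders `settings` to a TOML
# file, and wires up a socket-activated systemd template unit
# (`mysqladm.socket` -> `mysqladm@.service`, one instance per connection).
{ config, pkgs, lib, ... }:
let
  cfg = config.services.mysqladm-rs;
  format = pkgs.formats.toml { };
in
{
  options.services.mysqladm-rs = {
    # mkEnableOption already prefixes the text with "Whether to enable",
    # so only the service name is passed.
    enable = lib.mkEnableOption "mysqladm-rs";

    package = lib.mkPackageOption pkgs "mysqladm-rs" { };

    createLocalUser = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Create a local database user for mysqladm-rs";
    };

    # Free-form TOML settings; the options below only give types, defaults
    # and documentation to the keys this module knows about.
    settings = lib.mkOption {
      default = { };
      type = lib.types.submodule {
        freeformType = format.type;
        options = {
          server = {
            # This is the socket systemd listens on for mysqladm clients
            # (see ListenStream below), not the MySQL server's socket.
            socket_path = lib.mkOption {
              type = lib.types.path;
              default = "/var/run/mysqladm/mysqladm.sock";
              description = "Path to the Unix socket the mysqladm-rs server listens on";
            };
          };

          mysql = {
            host = lib.mkOption {
              type = lib.types.str;
              default = "localhost";
              description = "MySQL host";
            };

            # types.port restricts the value to the valid 0-65535 range.
            port = lib.mkOption {
              type = lib.types.port;
              default = 3306;
              description = "MySQL port";
            };

            # NOTE(review): with createLocalUser enabled the database user
            # created below is "mysqladm", but this still defaults to
            # "root" -- confirm that is intended.
            username = lib.mkOption {
              type = lib.types.str;
              default = "root";
              description = "MySQL username";
            };

            # passwordFile = lib.mkOption {
            #   type = lib.types.path;
            #   default = "secret";
            #   description = "Path to a file containing the MySQL password";
            # };

            # SECURITY: this value is embedded in the file produced by
            # format.generate, which lives in the Nix store and is readable
            # by every local user. Do not rely on it for a real credential;
            # the default is a placeholder, not a secret.
            # NOTE(review): confirm whether mysqladm-rs can read the
            # password from a file so the commented-out passwordFile option
            # above can replace this one.
            password = lib.mkOption {
              type = lib.types.str;
              default = "secret";
              description = "MySQL password. The value is written to the generated configuration file in the world-readable Nix store.";
            };

            timeout = lib.mkOption {
              type = lib.types.int;
              default = 2;
              description = "Number of seconds to wait for a response from the MySQL server";
            };
          };
        };
      };
    };
  };

  config =
    let
      # TOML rendering of cfg.settings, passed to the server via --config.
      configFile = format.generate "mysqladm-rs.conf" cfg.settings;
    in
    lib.mkIf cfg.enable {
      environment.systemPackages = [ cfg.package ];

      # Only provisioned when createLocalUser is set. The account receives
      # CREATE USER and GRANT OPTION on *.* plus write access to the
      # `mysql` schema, so whoever can act as it can create accounts and
      # hand out privileges.
      services.mysql.ensureUsers = lib.mkIf cfg.createLocalUser [
        {
          name = "mysqladm";
          ensurePermissions = {
            "mysql.*" = "SELECT, INSERT, UPDATE, DELETE";
            "information_schema.*" = "SELECT";
            "*.*" = "CREATE USER, GRANT OPTION";
          };
        }
      ];

      # Template unit: the socket below uses Accept=yes, so systemd starts
      # one instance per incoming connection.
      systemd.services."mysqladm@" = {
        description = "MySQL administration tool for non-admin users";
        # after = [ "mysql.target" ];

        # NOTE(review): debug logging is hard-coded; verify that debug
        # output never includes credentials or statement contents, and
        # consider exposing the level as an option.
        environment.RUST_LOG = "debug";

        serviceConfig = {
          Type = "notify";
          ExecStart = "${lib.getExe cfg.package} server socket-activate --config ${configFile}";

          User = "mysqladm";
          Group = "mysqladm";
          DynamicUser = true;
        };
      };

      systemd.sockets."mysqladm" = {
        description = "MySQL administration tool for non-admin users";
        wantedBy = [ "sockets.target" ];
        restartTriggers = [ configFile ];
        socketConfig = {
          ListenStream = cfg.settings.server.socket_path;
          Accept = "yes";
          # Enables SO_PASSCRED on the socket so the server can receive
          # the connecting peer's credentials.
          # presumably this is how the calling user is identified -- verify
          # against the server code.
          PassCredentials = true;
        };
      };
    };
}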