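# NixOS module: joins this host to clerie's monitoring WireGuard network and
# exposes the Prometheus node exporter only through that tunnel.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.clerie.monitoring;

  # Defaults for the monitoring server; each of them can be overridden via the
  # options declared below.
  monitoringServer = "kaon.net.entr0py.de";
  networkBase = "fd00:23:23:23::";
  serverPubKey = "iHrvJyvIWnsAc2FuXBy1ATuj2hy1jek0C9MqFcisH0k=";
in
{
  options = {
    clerie.monitoring = {
      enable = mkEnableOption "clerie's Monitoring (with tweaks)";

      networkBase = mkOption {
        type = types.str;
        default = networkBase;
        description = "IPv6 prefix of the monitoring network; the host's id is appended to it.";
      };

      server = mkOption {
        type = types.str;
        default = monitoringServer;
        description = "Hostname (or address) of the monitoring WireGuard server.";
      };

      serverPort = mkOption {
        # types.port rejects values outside 0-65535 at evaluation time instead
        # of failing when the interface is brought up.
        type = types.port;
        default = 51820;
        description = "UDP port of the monitoring WireGuard server.";
      };

      id = mkOption {
        type = types.str;
        description = "ID of the Monitoring Interface (it is actually a part of an ip address)";
      };

      serverPublicKey = mkOption {
        type = types.str;
        default = serverPubKey;
        description = "WireGuard public key of the monitoring server.";
      };

      pubkey = mkOption {
        type = types.str;
        description = "Public Key of the monitoring wireguard interface of this host";
      };

      privKeyFile = mkOption {
        type = types.str;
        example = "/run/keys/keyfile";
        description = "Path to the file holding this host's WireGuard private key (the path, not the key, is configured here).";
      };
    };
  };

  config = mkIf cfg.enable {
    # NOTE(review): pkgs.wireguard is the out-of-tree kernel module package; on
    # kernels with in-tree WireGuard only wireguard-tools should be needed —
    # confirm against the nixpkgs revision in use.
    environment.systemPackages = with pkgs; [ wireguard wireguard-tools ];

    networking.wireguard.enable = true;
    networking.wireguard.interfaces.wg-monitoring = {
      ips = [ "${cfg.networkBase}${cfg.id}/64" ];
      # Only the path is passed on; the key material itself is not part of this
      # configuration.
      privateKeyFile = cfg.privKeyFile;
      peers = [
        {
          endpoint = "${cfg.server}:${toString cfg.serverPort}";
          publicKey = cfg.serverPublicKey;
          # Only the monitoring prefix is routed through the tunnel.
          allowedIPs = [ "${cfg.networkBase}/64" ];
          # Keeps the path to the server open so it can reach this host.
          persistentKeepalive = 25;
        }
      ];
    };

    services.prometheus.exporters.node = {
      enable = true;
      # listenAddress is left at its default, so the exporter binds to all
      # addresses; the firewall filter below is what limits access to the
      # tunnel interface. A listenAddress of "${cfg.networkBase}${cfg.id}" would
      # narrow this further, but presumably the interface address must already
      # exist when the exporter starts — verify before enabling it.
      openFirewall = true;
      firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9100";
    };
  };
}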