{ config, pkgs, lib, ... }:

with import <stockholm/lib>;
{
  options.lass.xjail = mkOption {
    type = types.attrsOf (types.submodule ({ config, ...}: {
      options = {
        name = mkOption {
          type = types.string;
          default = config._module.args.name;
        };
        user = mkOption {
          type = types.string;
          default = config.name;
        };
        groups = mkOption {
          type = types.listOf types.str;
          default = [];
        };
        from = mkOption {
          type = types.string;
          default = "lass";
        };
        display = mkOption {
          type = types.string;
          default = toString (genid_uint31 config._module.args.name);
        };
        dpi = mkOption {
          type = types.int;
          default = 90;
        };
        extraXephyrArgs = mkOption {
          type = types.str;
          default = "";
        };
        extraVglrunArgs = mkOption {
          type = types.str;
          default = "";
        };
        script = mkOption {
          type = types.path;
          default = pkgs.writeScript "echo_lol" "echo lol";
        };
        vglrun = mkOption {
          type = types.bool;
          default = false;
        };
        wm = mkOption {
          #TODO find type
          type = types.string;
          default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
            executables.xmonad = {
              extra-depends = [
                "containers"
                "unix"
                "xmonad"
              ];
              text = /* haskell */ ''
                module Main where
                import XMonad
                import Data.Monoid
                import System.Posix.Process (executeFile)
                import qualified Data.Map as Map

                main :: IO ()
                main = do
                  xmonad def
                    { workspaces = [ "1" ]
                    , layoutHook = myLayoutHook
                    , keys = myKeys
                    , normalBorderColor  = "#000000"
                    , focusedBorderColor = "#000000"
                    , handleEventHook = myEventHook
                    }

                myEventHook :: Event -> X All

                myEventHook (ConfigureEvent { ev_event_type = 22 }) = do
                  spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1"
                  return (All True)

                myEventHook _ = do
                  return (All True)

                myLayoutHook = Full
                myKeys _ = Map.fromList []
              '';
            };
          }}/bin/xmonad";
        };
      };
    }));
    default = {};
  };

  options.lass.xjail-bins = mkOption {
    type = types.attrsOf types.path;
  };

  # implementation
  config = let
    scripts = mapAttrs' (name: cfg:
      let
        newOrExisting = pkgs.writeDash "${cfg.name}-existing" ''
          DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr
          if test $? -eq 0; then
            echo using existing xephyr
            ${sudo_} "$@"
          else
            echo starting new xephyr
            ${xephyr_} "$@"
          fi
        '';
        xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" ''
          ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} &
          XEPHYR_PID=$!
          DISPLAY=:${cfg.display} ${cfg.wm} &
          WM_PID=$!
          ${sudo_} "$@"
          ${pkgs.coreutils}/bin/kill $WM_PID
          ${pkgs.coreutils}/bin/kill $XEPHYR_PID
        '';
        sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then ''
          /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@"
        '' else ''
          /var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@"
        '');
        vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" ''
          DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@"
        '';
      in nameValuePair name {
        existing = newOrExisting;
        xephyr = xephyr_;
        sudo = sudo_;
        vglrun = vglrun_;
      }
    ) config.lass.xjail;
  in {

    users.users = mapAttrs' (_: cfg:
      nameValuePair cfg.name {
        uid = genid cfg.name;
        home = "/home/${cfg.name}";
        useDefaultShell = true;
        createHome = true;
        extraGroups = cfg.groups;
      }
    ) config.lass.xjail;

    users.groups = mapAttrs' (_: cfg:
      nameValuePair cfg.name {
        members = [
          cfg.name
          cfg.from
        ];
      }
    ) config.lass.xjail;

    security.sudo.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg:
      # TODO allow just the right script with sudo
      "${cfg.from} ALL=(${cfg.name}) NOPASSWD: ALL"
    ) config.lass.xjail));

    lass.xjail-bins = mapAttrs' (name: cfg:
      nameValuePair name (pkgs.writeScriptBin cfg.name ''
        ${scripts.${name}.existing} "$@"
      '')
    ) config.lass.xjail;
  };
}