{ config, lib, pkgs, ... }:

let
  cfg = config.services.metricstor;
in
{
  options.services.metricstor = {
    enable = lib.mkEnableOption "metricstor service";

    httpPort = lib.mkOption {
      type = lib.types.port;
      default = 9090;
      description = "Port for Prometheus-compatible HTTP API (remote_write and query)";
    };

    grpcPort = lib.mkOption {
      type = lib.types.port;
      default = 9091;
      description = "Port for gRPC API";
    };

    dataDir = lib.mkOption {
      type = lib.types.path;
      default = "/var/lib/metricstor";
      description = "Data directory for metricstor";
    };

    retentionDays = lib.mkOption {
      type = lib.types.int;
      default = 15;
      description = "Number of days to retain metrics data";
    };

    settings = lib.mkOption {
      type = lib.types.attrs;
      default = {};
      description = "Additional configuration settings";
    };

    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.metricstor-server or (throw "metricstor-server package not found");
      description = "Package to use for metricstor";
    };
  };

  config = lib.mkIf cfg.enable {
    # Create system user
    users.users.metricstor = {
      isSystemUser = true;
      group = "metricstor";
      description = "Metricstor service user";
      home = cfg.dataDir;
    };

    users.groups.metricstor = {};

    # Create systemd service
    systemd.services.metricstor = {
      description = "Metricstor Prometheus-Compatible Metrics Storage";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        Type = "simple";
        User = "metricstor";
        Group = "metricstor";
        Restart = "on-failure";
        RestartSec = "10s";

        # State directory management
        StateDirectory = "metricstor";
        StateDirectoryMode = "0750";

        # Security hardening
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        ReadWritePaths = [ cfg.dataDir ];

        # Start command
        # Note: metricstor-server uses a config file, so we'll pass data-dir directly
        # The config will be auto-generated or use defaults from Config::default()
        ExecStart = "${cfg.package}/bin/metricstor-server";

        # Environment variables for configuration
        Environment = [
          "METRICSTOR_HTTP_ADDR=0.0.0.0:${toString cfg.httpPort}"
          "METRICSTOR_GRPC_ADDR=0.0.0.0:${toString cfg.grpcPort}"
          "METRICSTOR_DATA_DIR=${cfg.dataDir}"
          "METRICSTOR_RETENTION_DAYS=${toString cfg.retentionDays}"
        ];
      };
    };
  };
}