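# NixOS Module Template
# This is a template for creating new NixOS modules in m3ta-nixpkgs
# Copy this template and modify it for your specific module
#
# The module declares options under `m3ta.myModule` and, when enabled,
# creates a dedicated system user/group, a systemd service running as that
# user, an optional firewall rule, and installs the package system-wide.
{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.m3ta.myModule; # Replace 'myModule' with your module name
in {
  # Define options that users can set in their configuration
  options.m3ta.myModule = {
    enable = mkEnableOption "my custom module"; # Replace with your module description

    # Example: Package option
    package = mkOption {
      type = types.package;
      default = pkgs.hello; # Replace with your default package
      defaultText = literalExpression "pkgs.hello";
      description = "The package to use for this module";
    };

    # Example: Path option
    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/mymodule";
      description = "Directory where data will be stored";
    };

    # Example: Port number
    # NOTE: nothing in this template passes cfg.port to the program. When
    # adapting it, wire the port into the service so that the port opened by
    # `openFirewall` is the one the service actually listens on.
    port = mkOption {
      type = types.port;
      default = 8080;
      description = "Port to listen on";
    };

    # Example: String option
    user = mkOption {
      type = types.str;
      default = "mymodule";
      description = "User account under which the service runs";
    };

    # Example: Group option
    group = mkOption {
      type = types.str;
      default = "mymodule";
      description = "Group under which the service runs";
    };

    # Example: Boolean option
    # Defaults to false so that enabling the module does not expose the
    # service to the network without an explicit decision.
    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to open the firewall for the service port";
    };

    # Example: List of strings
    extraArgs = mkOption {
      type = types.listOf types.str;
      default = [];
      example = ["--verbose" "--debug"];
      description = "Additional command-line arguments to pass";
    };

    # Example: Attribute set (key-value pairs)
    # NOTE: `types.attrs` does not merge nested definitions and ignores
    # mkIf/mkDefault inside the set; the NixOS manual recommends
    # `types.attrsOf types.anything` or a pkgs.formats type instead.
    settings = mkOption {
      type = types.attrs;
      default = {};
      example = literalExpression ''
        {
          logLevel = "info";
          timeout = 30;
        }
      '';
      description = "Configuration settings as attribute set";
    };
  };

  # Define what happens when the module is enabled
  config = mkIf cfg.enable {
    # Create a system user
    # A dedicated, non-login system account keeps the service off root and
    # away from other services' files.
    users.users.${cfg.user} = {
      isSystemUser = true;
      group = cfg.group;
      home = cfg.dataDir;
      createHome = true;
      description = "My module service user";
    };

    users.groups.${cfg.group} = {};

    # Define a systemd service
    systemd.services.mymodule = {
      description = "My Custom Module Service";
      wantedBy = ["multi-user.target"];
      after = ["network.target"];

      serviceConfig = {
        Type = "simple";
        User = cfg.user;
        Group = cfg.group;
        WorkingDirectory = cfg.dataDir;
        # Each extra argument is quoted so that an argument containing
        # whitespace or quote characters stays a single argv entry instead of
        # being re-split by systemd's command-line parser.
        # NOTE: systemd still expands `%` specifiers and `$VAR` references in
        # ExecStart; quoting does not neutralise those.
        ExecStart = "${cfg.package}/bin/myprogram ${escapeShellArgs cfg.extraArgs}";
        Restart = "on-failure";
        RestartSec = 5;

        # Security hardening
        # Baseline only. With ProtectSystem = "strict" the file system is
        # read-only for the service, so every writable location must be
        # listed in ReadWritePaths. Review the result with
        # `systemd-analyze security mymodule.service` when adapting.
        PrivateTmp = true;
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        ReadWritePaths = [cfg.dataDir];
      };
    };

    # Open firewall if requested
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [cfg.port];
    };

    # Add package to system packages (optional)
    environment.systemPackages = [cfg.package];

    # Example: Create configuration file
    # NOTE: text written this way is stored in the world-readable Nix store,
    # so `settings` must not carry passwords, tokens or keys; load secrets
    # from a file outside the store at runtime instead.
    # environment.etc."mymodule/config.json".text = builtins.toJSON cfg.settings;
  };

  # Module metadata
  meta = {
    maintainers = with lib.maintainers; []; # Add your name if in nixpkgs
    doc = ./default.md; # Optional: Link to documentation
  };
}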