{ lib, config, ... }:
let
  nixosModules = config.flake.modules.nixos;

  resolvePackagePath =
    {
      pkgs,
      path,
    }:
    lib.attrByPath path null pkgs;

  mkCaddyReverseProxy =
    {
      domain,
      port,
      extraHeaders ? [ ],
      extraConfigText ? "",
    }:
    let
      headerLines = map (header: "  header_up ${header.name} ${header.value}") extraHeaders;
      extraConfigLines = map (line: "  ${line}") (
        lib.filter (line: line != "") (lib.splitString "\n" extraConfigText)
      );
      bodyLines = headerLines ++ extraConfigLines;
      body = lib.concatStringsSep "\n" bodyLines;
    in
    {
      services.caddy.virtualHosts.${domain}.extraConfig =
        if body == "" then
          "reverse_proxy :${toString port}"
        else
          ''
              reverse_proxy :${toString port} {
            ${body}
              }
          '';
    };

  mkHost =
    machine:
    { pkgs, ... }:
    let
      account = config.repo.account;
    in
    {
      imports = [
        nixosModules.${machine.name}
      ];

      meta.machine = machine;

      networking.hostName = machine.name;
      system.stateVersion = machine.stateVersion;

      programs.zsh.enable = true;

      users.users.${account.name} = {
        isNormalUser = true;
        home = account.homeDirectory;
        extraGroups = [
          "wheel"
          "networkmanager"
        ];
        shell = pkgs.zsh;
      };

      home-manager.users.${account.name} = {
        home = {
          username = account.name;
          homeDirectory = account.homeDirectory;
          stateVersion = machine.hmStateVersion;
        };
      };
    };
in
{
  options.repo.helpers = lib.mkOption {
    type = lib.types.attrsOf lib.types.raw;
    internal = true;
    readOnly = true;
  };

  config.repo.helpers = {
    inherit
      mkCaddyReverseProxy
      mkHost
      resolvePackagePath
      ;
  };
}