{ pkgs, lib, currentSystem, ... }:

let
  nix-cleanup = pkgs.writeShellScriptBin "nix-cleanup" ''
    set -eu

    # Delete everything from this profile that isn't currently needed
    nix-env --delete-generations old

    # Delete generations older than a week
    nix-collect-garbage
    nix-collect-garbage --delete-older-than 7d

    # Optimize
    nix-store --gc --print-dead
    nix-store --optimise
  '';

  colmena-remote = pkgs.writeShellScriptBin "colmena-remote" ''
    set -euo xtrace

    NIXFILES="`git rev-parse --show-toplevel`/"
    SSH_HOST="''${HOST:-briefkasten.ctu.cx}"

    rsync -Pavh $NIXFILES $SSH_HOST:/home/katja/nixfiles/
    ssh -A -S none $SSH_HOST nix shell nixpkgs#colmena --command colmena -f ./nixfiles/flake.nix "$@"
  '';

  backupToSSD = pkgs.writeShellScriptBin "backupToSSD" ''
    set -euo pipefail
    IFS=$'\n\t'

    function repeatCharacter {
      local count="$1";
      local character="$2";

      for (( i = 0; i < "$count"; ++i ))
      do
        echo -n "$character";
      done
      echo "";
    }

    function printEnd {
      echo "";
    }

    function printStep {
      repeatCharacter $(expr ''${#1} + 3) "#";
      echo -e "$1";
      repeatCharacter $(expr ''${#1} + 3) "#";
    }

    function checkRequirements {
      # check if root
      if [ "$USER" != "root" ]; then
        echo "This script needs to be executed by root!";
        exit;
      fi

      # check for disk
      if [ ! -e /dev/disk/by-uuid/f5e319eb-a68b-4b21-9154-73404acb8bd1 ]; then
        echo "Backup drive is not connected!";
        exit;
      fi
    }

    function mountDrive {
      printStep "Mount backup-drive!"

      mkdir -p /mnt/backup;
      ${pkgs.cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-uuid/f5e319eb-a68b-4b21-9154-73404acb8bd1 backup;
      mount /dev/mapper/backup /mnt/backup;

      printEnd;
    }

    function unmountDrive {
      sync;
      if grep -qs '/dev/mapper/backup ' /proc/mounts; then
        printStep "Unmount backup-drive!";
        umount /dev/mapper/backup;
        ${pkgs.cryptsetup}/bin/cryptsetup luksClose backup;
        sync;
      fi
      echo "done!";
    }

    function copyResticRepos {
      printStep "Copying /var/lib/restic to the backup-drive";

      ${pkgs.rsync}/bin/rsync -ah --partial --delete --info=progress2 /nix/persist/var/lib/restic/ /mnt/backup/restic-servers/;
      sync;

      printEnd;
    }

    function resticBackupFolder {
      printStep "Backing up '$2' to the backup-drive";

      mkdir -p /mnt/backup/restic-$HOSTNAME;

      # check if password-file exists, if not create it
      if [ ! -e /mnt/backup/restic-$HOSTNAME/$1.restic-passwd ]; then
        echo -e "$(${pkgs.pwgen}/bin/pwgen -N1 -B 32)" > /mnt/backup/restic-$HOSTNAME/$1.restic-passwd;
        sync;
      fi

      # check if restic repo is initialized, if not initialize it
      if ! ${pkgs.restic}/bin/restic --cleanup-cache --password-file  /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 snapshots &>/dev/null; then
        ${pkgs.restic}/bin/restic --quiet --cleanup-cache --password-file  /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \
          init;
        sync;
      fi;

      #do the backup
      ${pkgs.restic}/bin/restic --cleanup-cache --password-file  /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \
        backup $2;
      sync;

      #cleanup
      ${pkgs.restic}/bin/restic --cleanup-cache --password-file  /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \
        forget --keep-within-daily 14d --keep-within-weekly 2m --keep-within-monthly 2y --keep-within-yearly 99y;
      ${pkgs.restic}/bin/restic --cleanup-cache --password-file  /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \
        prune;
      sync;

      printEnd;
    }

    trap unmountDrive EXIT;
    checkRequirements;
    mountDrive;

    copyResticRepos;

    #restic backups
    resticBackupFolder audiobooks /nix/persist/home/katja/syncthing/Audiobooks;
    resticBackupFolder bahn-richtlinien /nix/persist/home/katja/syncthing/Bahn-Richtlinien;
    resticBackupFolder documents /nix/persist/home/katja/syncthing/Documents;
    resticBackupFolder media-legacy /nix/persist/home/katja/syncthing/Media\ \(legacy\);
    resticBackupFolder music /nix/persist/home/katja/syncthing/Music;
    resticBackupFolder music-originals /nix/persist/home/katja/syncthing/Music\ \(Originals\);
    resticBackupFolder pictures /nix/persist/home/katja/syncthing/Pictures;
    resticBackupFolder videos /nix/persist/home/katja/syncthing/Videos;
    resticBackupFolder wiki /nix/persist/home/katja/syncthing/Wiki;
  '';

in {

  home-manager.users.katja.home.packages = [ nix-cleanup colmena-remote ] ++ lib.optionals ( currentSystem == "x86_64-linux") [
    backupToSSD
  ];

}