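# KAWA OS - NixOS module
# Automatic configuration for joining the KAWA mesh.
#
# Security notes for maintainers:
#   * The Headscale pre-auth key is a credential. It is no longer shipped as
#     an option default: anything interpolated into this module ends up in
#     the world-readable Nix store and, for `tailscale up`, on a process
#     command line. Provide it through `authKeyFile` instead.
#   * The key that used to be the default of `authKey` was published with
#     this file; treat it as compromised and rotate it on the Headscale
#     server.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.kawa;

  # Name announced to the control server: the explicit option when set,
  # otherwise "kawa-<system hostname>".
  nodeName =
    if cfg.hostname != "" then cfg.hostname
    else "kawa-${config.networking.hostName}";

  # Value handed to `tailscale up --authkey`. With the "file:" prefix the
  # client reads the key from that path at run time, so the secret itself
  # appears neither in the unit file nor in the process list.
  # `toString` keeps a Nix path literal from being copied into the store.
  authKeyArg =
    if cfg.authKeyFile != null then "file:${toString cfg.authKeyFile}"
    else cfg.authKey;

  # Flags shared by every `tailscale up` invocation this module sets up, so
  # the NixOS auto-connect unit and kawa-connect agree on the settings.
  upFlags = [
    "--login-server=${cfg.headscaleUrl}"
    "--hostname=${nodeName}"
  ];
in
{
  options.services.kawa = {
    enable = mkEnableOption "KAWA mesh network";

    hostname = mkOption {
      type = types.str;
      default = "";
      description = "Hostname personnalisé pour le nœud KAWA";
    };

    headscaleUrl = mkOption {
      type = types.str;
      default = "https://headscale.du-senegal.com";
      description = "URL du serveur Headscale";
    };

    # NOTE(review): this option is not referenced by the config section
    # below. Its default is plain HTTP to a bare IP, which does not
    # authenticate the control server; switch it to HTTPS before wiring it
    # into any `--login-server` flag.
    headscaleFallback = mkOption {
      type = types.str;
      default = "http://141.94.23.212";
      description = "URL de fallback du serveur Headscale";
    };

    # Kept for backward compatibility only. A value set here is embedded in
    # the Nix store and passed on the command line; a warning is emitted
    # whenever it is non-empty. The default is empty on purpose.
    authKey = mkOption {
      type = types.str;
      default = "";
      description = "Clé d'authentification Headscale";
    };

    # Preferred way to supply the key: a file outside the Nix store,
    # readable by root only (for example provisioned by a secrets manager).
    authKeyFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = "Chemin d'un fichier contenant la clé d'authentification Headscale (lu à l'exécution, hors du Nix store)";
    };

    autoConnect = mkOption {
      type = types.bool;
      default = true;
      description = "Connexion automatique au mesh au démarrage";
    };

    # KAWA services
    enableNats = mkOption {
      type = types.bool;
      default = true;
      description = "Activer le client NATS";
    };

    enableSyncthing = mkOption {
      type = types.bool;
      default = true;
      description = "Activer Syncthing pour la synchronisation";
    };

    enableOllama = mkOption {
      type = types.bool;
      default = false;
      description = "Activer Ollama pour l'inférence locale";
    };
  };

  config = mkIf cfg.enable {
    # Fail the build instead of silently producing a node that cannot join:
    # there is no built-in key any more.
    assertions = [
      {
        assertion =
          !cfg.autoConnect || cfg.authKeyFile != null || cfg.authKey != "";
        message = "services.kawa.autoConnect nécessite services.kawa.authKeyFile (ou services.kawa.authKey).";
      }
    ];

    warnings = optional (cfg.authKey != "")
      "services.kawa.authKey place la clé dans le Nix store (lisible par tous) et sur la ligne de commande ; utilisez services.kawa.authKeyFile.";

    # Tailscale configuration. The key is handed over as a file path only;
    # per the NixOS option documentation, extraUpFlags are applied only when
    # authKeyFile is set.
    services.tailscale = {
      enable = true;
      authKeyFile = cfg.authKeyFile;
      extraUpFlags = upFlags;
    };

    # NATS client. `services.nats` is the NixOS NATS *server* module and has
    # no `server` option, so the endpoint is exported for natscli instead of
    # starting a local server.
    environment.variables = mkIf cfg.enableNats {
      NATS_URL = "nats://100.64.0.1:4222";
    };

    # Syncthing
    # NOTE(review): current NixOS releases expose folders under
    # `services.syncthing.settings` (earlier ones under
    # `services.syncthing.folders`); `config` is kept as written - confirm
    # against the target release. The device "vps-7ed4abb0" referenced by
    # the folders is not declared anywhere in this module and needs an entry
    # with its device ID.
    services.syncthing = mkIf cfg.enableSyncthing {
      enable = true;
      user = "kawa";
      group = "kawa";
      config = {
        folders = {
          "kawa-memory" = {
            path = "/home/kawa/.local/share/kawa/memory";
            devices = [ "vps-7ed4abb0" ];
          };
          "kawa-workspace" = {
            path = "/home/kawa/.local/share/kawa/workspace";
            devices = [ "vps-7ed4abb0" ];
          };
          "kawa-forge" = {
            path = "/home/kawa/.local/share/kawa/forge";
            devices = [ "vps-7ed4abb0" ];
          };
        };
      };
    };

    # Ollama (optional)
    services.ollama = mkIf cfg.enableOllama {
      enable = true;
      acceleration = false; # Enable if a GPU is available
    };

    # KAWA user
    # NOTE(review): "wheel" gives the account that owns the synchronised
    # folders administrative rights on the node; drop it unless this is also
    # the operator's login.
    users.users.kawa = {
      isNormalUser = true;
      description = "KAWA Node User";
      extraGroups = [ "wheel" "networkmanager" "tailscale" ];
    };

    # The Syncthing unit runs with group "kawa"; a normal user does not get
    # a same-named group automatically, so declare it.
    users.groups.kawa = { };

    # Firewall
    # 4222 is no longer opened: this node is a NATS client and does not
    # listen on it. The Syncthing port is opened only when Syncthing is
    # enabled. Every peer reaching the node over tailscale0 bypasses the
    # firewall entirely, so mesh membership is the real access boundary.
    networking.firewall = {
      allowedTCPPorts = [ 22 ] ++ optional cfg.enableSyncthing 22000;
      allowedUDPPorts = [ 41641 ] ++ optional cfg.enableSyncthing 22000;
      trustedInterfaces = [ "tailscale0" ];
    };

    # Environment packages
    environment.systemPackages = with pkgs; [
      tailscale
      natscli
      syncthing
      git
      curl
      wget
    ];

    # systemd service for the automatic connection
    systemd.services.kawa-connect = mkIf cfg.autoConnect {
      description = "KAWA Mesh Auto-Connect";
      # The daemon unit shipped by NixOS is tailscaled.service; ordering
      # after "tailscale.service" would refer to a unit that does not exist.
      after = [ "network-online.target" "tailscaled.service" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "oneshot";
        ExecStart = concatStringsSep " " (
          [ "${pkgs.tailscale}/bin/tailscale" "up" ]
          ++ upFlags
          ++ [ "--authkey=${authKeyArg}" "--force-reauth" ]
        );
        RemainAfterExit = true;
      };
    };
  };
}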