{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  cfg = config.${namespace}.services.restic;
in
{
  imports = [ ./options.nix ];

  config = mkIf cfg.enable {
    # Configure the standard NixOS restic server service
    services.restic.server = {
      enable = true;
      dataDir = cfg.dataDir;
      prometheus = cfg.prometheus;
      listenAddress = "${cfg.listenAddress}:${toString cfg.port}";
      extraFlags = cfg.extraFlags;
    }
    // optionalAttrs (cfg.htpasswdFile != null) {
      htpasswd-file = cfg.htpasswdFile;
    };

    # Open firewall for restic server if enabled
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
      allowedUDPPorts = [ cfg.port ];
    };
  };
}