{ config, pkgs, ... }:

let
  statsDir = "/run/adsb-feed";
in {
  boot.blacklistedKernelModules = [
    # no watching TV intended
    "dvb_usb_rtl28xxu"
  ];
  users.users.readsb = {
    isSystemUser = true;
    group = "adsb";
  };
  users.groups.adsb = {};
  systemd.tmpfiles.rules = [
    "d ${statsDir} 0755 readsb adsb -"
  ];
  systemd.services.readsb = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.readsb}/bin/readsb --modeac --aggressive --fix --stats-range --dcfilter --quiet --gain=-10 --lon=13.728 --lat=51.081 --write-output=${statsDir} --net --net-ro-port=30002 --net-sbs-port=30003 --net-bo-port=30005 --net-vrs-port=30006 --net-beast-reduce-interval 1 --net-connector feed.adsbexchange.com,30005,beast_reduce_out";
      User = "readsb";
      Group = "adsb";
      ProtectSystem = "full";
      ProtectHome = true;
      ReadWritePaths = statsDir;
      Restart = "always";
      RestartSec = "10s";
    };
  };

  users.users.sbs2json = {
    isSystemUser = true;
    group = "adsb";
  };
  # SHIM because readsb has no web server like dump1090
  systemd.services.sbs2json = {
    wantedBy = [ "multi-user.target" ];
    requires = [ "readsb.service" ];
    serviceConfig = {
      ExecStart = "${pkgs.ruby}/bin/ruby ${./sbs2json.rb}";
      User = "sbs2json";
      Group = "adsb";
      ProtectSystem = "full";
      ProtectHome = true;
      Restart = "always";
      RestartSec = "10s";
    };
  };

  users.users.dump1090-influxdb = {
    isSystemUser = true;
    group = "adsb";
  };
  systemd.services.dump1090-influxdb = {
    wantedBy = [ "multi-user.target" ];
    requires = [ "readsb.service" ];
    serviceConfig = {
      ExecStart = "${pkgs.dump1090-influxdb}/bin/dump1090-influxdb";
      User = "dump1090-influxdb";
      Group = "adsb";
      ProtectSystem = "full";
      ProtectHome = true;
      Restart = "always";
      RestartSec = "10s";
    };
  };

  environment.systemPackages = with pkgs; [
    dump1090_sdrplus
    readsb
  ];
}