{ config, lib, pkgs, ... }:
with lib;
let
  templates = role: {
    ap = _: ../salt/cpe/ap.sh;
    switch = model: ../salt/switches + "/${model}.expect";
  }.${role};
  replaceNetmasks = template:
    builtins.toFile (builtins.baseNameOf template) (
      builtins.replaceStrings [''{%- import_yaml "netmasks.yaml" as netmasks -%}''] [""] (
        builtins.readFile template
      )
    );
  expandTemplate = name: template: data:
    import ./salt-support/expand-template.nix {
      inherit pkgs;
    } name (replaceNetmasks template) data;
in
{
  options.site.device-scripts = mkOption {
    type = with types; attrsOf path;
  };
  options.site.all-device-scripts = mkOption {
    type = types.path;
  };

  config.site.device-scripts =
    builtins.mapAttrs (hostname: { role, model, ... }:
      expandTemplate "${hostname}.sh" (templates role model) ({
        inherit hostname;
        pillar = config.salt-pillar;
        netmasks = import ./netmasks.nix;
        logging = config.salt-pillar.hosts-inet.mgmt.logging;
      } // optionalAttrs (config.salt-pillar.switches ? ${hostname}) {
        switch = config.salt-pillar.switches.${hostname};
      } // optionalAttrs (config.salt-pillar.cpe ? ${hostname}) {
        conf = config.salt-pillar.cpe.${hostname};
      })
    ) (filterAttrs (_: { role, ... }:
      role == "ap" || role == "switch"
    ) config.site.hosts);

  config.site.all-device-scripts =
    pkgs.runCommandLocal "all-device-scripts" {} (
      ''
        mkdir -p $out/bin
      '' +
      builtins.concatStringsSep "\n" (
        map (hostname:
          "ln -s ${config.site.device-scripts.${hostname}} $out/bin/${hostname}.sh"
        ) (builtins.attrNames config.site.device-scripts)
      )
    );
}