{
    config,
    lib,
    pkgs,
    ...
}: with lib; let 
    cfg = config.services.anki-sync-server;
in {
    options.services.anki-sync-server = {
        enable = mkEnableOption (lib.mdDoc "anki-sync-server");

        package = mkOption {
            type = types.package;
            default = pkgs.anki-bin;
            description = lib.mdDoc "The package to use for the anki sync server.";
        };

        host = mkOption {
            type = types.str;
            default = "localhost";
            description = lib.mdDoc "anki-sync-server host";
        };

        port = mkOption {
            type = types.port;
            default = 27701;
            description = lib.mdDoc "anki-sync-server port";
        };

        openFirewall = mkOption {
            default = false;
            type = types.bool;
            description = lib.mdDoc "Whether to open the firewall for the specified port.";
        };
    };

    config = mkIf cfg.enable {
        networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];

        systemd.services.anki-sync-server = {
            description = "Selfhosted Anki sync server.";
            after = [ "network.target" ];
            wantedBy = [ "multi-user.target" ];
            path = [ cfg.package ];

            serviceConfig = {
                Type = "simple";
                DynamicUser = true;
                StateDirectory = "anki-sync-server";
                ExecStart = "${cfg.package}/bin/anki --syncserver";
                Environment = ''SYNC_BASE="/var/lib/anki-sync-server" SYNC_HOST="${cfg.host}" SYNC_PORT="${cfg.port}"'';
                EnvironmentFile = config.age.secrets.anki-user-credentials.path;
                Restart = "always";
            };
        };
    };
}