{ pkgs, ... }:

let
  name = "mikrotik-exporter";
  user = name;
  group = name;

  prepare-secrets = pkgs.writeShellScript "${name}-secrets"  ''
    ${pkgs.coreutils}/bin/install --owner=${user} --mode=500 --directory /mnt/secrets/${name}
    ${pkgs.coreutils}/bin/install --owner=${user} --mode=400 -t /mnt/secrets/${name} \
      /etc/nixos/secrets/${name}/ap.yml
  '';
in {
  users.users."${user}" = {
    group           = "${group}";
    isSystemUser = true;
    uid = 1003;
  };
  users.groups."${group}" = {};

  systemd.services."${name}" = {
    description = "Mikrotik prometheus exporter";
    wantedBy    = [ "multi-user.target" ];
    serviceConfig.Type = "simple";
    serviceConfig.ExecStartPre = [ "!${prepare-secrets}" ];
    serviceConfig.ExecStart = "${pkgs.prometheus-mikrotik-exporter}/bin/mikrotik-exporter -config-file /mnt/secrets/${name}/ap.yml -port 127.0.0.1:9436";
  };
}