{ config, lib, pkgs, ... }:

let
  stateDir = "/var/lib/dnsmasq";
  blocklist = "${stateDir}/dnsmasq.blacklist.txt";

in {
  # Pull changes from git repos
  systemd.user.services.git-pull = {
    description = "Pull git repositories";
    wantedBy = [ "default.target" ];
    path = with pkgs; [ git ];
    script = ''
      base_folder=/vault/code
      cd "$base_folder" || exit
      ls | xargs -P10 -I{} git -C {} pull --rebase
    '';
    serviceConfig = { Type = "oneshot"; };
  };

  systemd.user.timers.git-pull = {
    description = "Daily code update";
    wantedBy = [ "default.target" ];
    timerConfig = {
      OnCalendar = "22:00:00";
      Unit = "git-pull.service";
    };
  };

  # PostgreSQL daily backups
  services.postgresqlBackup = {
    enable = true;
    backupAll = true;
    location = "/vault/backups/databases/nextcloud";
    startAt = "*-*-* 05:15:00";
  };

  # Fetch hosts-blocklists daily
  systemd.services.download-dns-blocklist = {
    description = "Download hosts-blocklists";
    wantedBy = [ "default.target" ];
    path = with pkgs; [ curl ];
    script =
      "curl -L https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt -o ${blocklist}";
    serviceConfig.Type = "oneshot";
    postStop = ''
      chown -R dnsmasq ${stateDir}
      systemctl restart dnsmasq
    '';
  };

  systemd.timers.download-dns-blocklist = {
    description = "Daily download of hosts-blocklists";
    wantedBy = [ "default.target" ];
    timerConfig = {
      OnCalendar = "02:00:00";
      Unit = "download-dns-blocklist.service";
    };
  };
}