{ me, pkgs, ... }:

let
  moonrakerPort = 7125;
  klipperDir = "/srv/klipper";

  serial = "/dev/ttyUSB0";

  user = "klipper";
  group = "klipper";

  klipper-config = pkgs.runCommand "klipper-printer.cfg" {} ''
    cat \
      ${../assets/printer/printer.cfg} \
      ${../assets/printer/mainsail.cfg} \
      > $out
  '';
in
{
  users.users.klipper = {
    isSystemUser = true;
    description = "Klipper user";
    home = "/srv/klipper";
    inherit group;
    extraGroups = [ "dialout" ]; # for serial access
  };
  users.groups.klipper = {};

  services = {
    klipper = {
      enable = true;
      inherit user group;

      firmwares.mcu = {
        enable = true;
        enableKlipperFlash = true;
        inherit serial;
        configFile = ../assets/printer/firmware.cfg;
      };

      configFile = klipper-config;
      # will change to just `configDir` in 25.05,
      # update it then.
      mutableConfig = true;
      mutableConfigFolder = "${klipperDir}/config";
    };

    moonraker = {
      enable = true;
      inherit user group;

      address = me.tailscale.ip;
      port = moonrakerPort;

      stateDir = "${klipperDir}/moonraker";
      settings = {
        authorization = {
          cors_domains = [
            "https://app.fluidd.xyz"
            "https://my.mainsail.xyz"
            "https://*.rnrd.fyi"
          ];

          trusted_clients = [
            "10.0.0.0/8"
            "127.0.0.1/24"
            "192.168.178.0/24"
          ];
        };
      };
    };
  };
}