{ config, pkgs, lib, ... }: with lib; let
  cfg = config.services.ssh-cert-dist;
in
{
  imports = [
    ./options.nix
  ];
  config.systemd.user.services = mkIf cfg.enable (mapAttrs'
    (path: options: {
      inherit (options) name; value = {
      Unit.Description = "ssh-cert-dist service for ${path}";
      Service = {
        Environment = "RUST_LOG=debug";
        ExecStart = "${pkgs.writeShellApplication {
          name = "sshcd";
          runtimeInputs = [ cfg.package ];
          text = ''
            ${optionalString options.fetch ''
             sshcd fetch --cert-dir '${path}' --api-endpoint '${cfg.endpoint}' 
            ''}
            ${optionalString options.upload ''
             sshcd upload --api-endpoint '${cfg.endpoint}' ${path}/*
            ''}
          '';
        }}/bin/sshcd";
      };
    };
    })
    cfg.directories);
  config.systemd.user.timers = mkIf cfg.enable (mapAttrs'
    (path: options: {
      inherit (options) name; value = {
      Unit.Description = "ssh-cert-dist service for ${path}";
      Timer = {
        OnCalendar = options.interval;
        Persistent = true;
        Unit = "${options.name}.service";
      };
      Install.WantedBy = [ "timers.target" ];
    };
    })
    cfg.directories);
  config.home.sessionVariables = mkIf (cfg.enable && cfg.endpoint != null) {
    SSH_CD_API = cfg.endpoint;
  };
  config.home.packages = mkIf cfg.enable [ cfg.package ];
}