{ config, pkgs, lib, ... }: with lib; let
  cfg = config.services.ssh-cert-dist;
in
{
  config.imports = [
    ./options.nix
  ];
  config.systemd.user.services = mkIf cfg.enable (mapAttrs'
    (path: options: {
      inherit (options) name; value = {
      Unit.Description = "ssh-cert-dist service for ${path}";
      Service = {
        Environment = "RUST_LOG=debug";
        ExecStart = toString (pkgs.writeShellApplication {
          name = "ssh-cert-dist-${options.name}";
          runtimeInputs = [ pkgs.ssh-cert-dist ];
          text = ''
            ${optionalString options.fetch ''
             ssh-cert-dist client fetch --cert-dir '${path}' --api-endpoint '${cfg.endpoint}' 
            ''}
            ${optionalString options.upload ''
             ssh-cert-dist client upload --api-endpoint '${cfg.endpoint}' ${path}/*
            ''}

          '';
        });
      };
    };
    })
    cfg.directories);
}