{ pkgs, lib, config, modulesPath, ... }:
with lib;
{
  imports = [
    "${modulesPath}/profiles/minimal.nix"
    "${modulesPath}/profiles/qemu-guest.nix"
    "${modulesPath}/virtualisation/qemu-vm.nix"
  ];

  config = {
    services.qemuGuest.enable = true;

    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
      autoResize = true;
    };

    boot = {
      growPartition = true;
      loader.timeout = 5;
    };

    virtualisation = {
      diskSize = 8000; # MB
      memorySize = 2048; # MB

      # We don't want to use tmpfs, otherwise the nix store's size will be bounded
      # by a fraction of available RAM.
      writableStoreUseTmpfs = false;
    };

    # So that we can ssh into the VM, see e.g.
    # http://blog.patapon.info/nixos-local-vm/#accessing-the-vm-with-ssh
    services.openssh.enable = true;
    services.openssh.settings.PermitRootLogin = "yes";
    # Give root an empty password to ssh in.
    users.extraUsers.root.password = "";
    users.mutableUsers = false;

    environment.systemPackages = with pkgs; [
      git
      htop
      neovim
    ];

    services.mysql = {
      enable = true;
      package = pkgs.mariadb;
    };

    services.redis.servers = {
      # Queue, naming it "" makes it use default values.
      "".enable = true;

      socketio = {
        enable = true;
        port = 12311;
      };
    };

    users.users.erpnext = {
      description = "User to run erpnext";
      group = "erpnext";
      isSystemUser = true;
    };
    #users = {
    #  users.${user} = {
    #    uid = 327;
    #    group = group;
    #    home = server.workDir;
    #  };
    #  groups.${group}.gid = 327;
    #};

    systemd.services.erpnext =
    let
      name = "worker1";
      user = "erpnext";
      group = "erpnext";
      server = {
        bind = "127.0.0.1:9090";
        workDir = "/var/lib/erpnext";
      };
    in {
      enable = true;
      wantedBy = [ "multi-user.target" ];
      after = [ "mysql.service" "redis.service" "redis-socketio.service" ];
      description = "ERPNext";

      environment =
      let
        penv = pkgs.python3.buildEnv.override {
          extraLibs = [
            pkgs.python3.pkgs.frappe
            pkgs.python3.pkgs.erpnext
            pkgs.python3.pkgs.bench
          ];
        };
      in {
        PYTHONPATH = "${penv}/${pkgs.python3.sitePackages}/";
      };

      #confinement = {
      #  enable = true;
      #  packages = [ ];
      #};
      serviceConfig = {
        #User = "erpnext";
        #NoNewPrivileges = true;
        Type = "simple";
        BindReadOnlyPaths = [
          "${pkgs.frappe-app}/share/apps/frappe:/frappe-bench/apps/frappe"
          "${pkgs.erpnext-app}/share/apps/erpnext:/frappe-bench/apps/erpnext"
          "${pkgs.frappe-erpnext-assets}/share/sites/assets:/frappe-bench/sites/assets"
          # "${penv}:/frappe-bench/env"
        ];
        ExecStartPre = pkgs.writeScript "erpnext-server.${name}-init" ''
          #!/bin/sh
          mkdir -p ${server.workDir}/sites
          chown ${user}:${group} ${server.workDir}

          cat > ${server.workDir}/sites/apps.txt <<EOF
          frappe
          erpnext
          EOF

          cat > ${server.workDir}/sites/common_site_config.json <<EOF
          {
            "db_host": "localhost",
            "db_port": 3306,
            "db_name": "erpnext" ,
            "db_password": "erpnext" ,
            "redis_cache": "redis://localhost:6379?db=0",
            "redis_queue": "redis://localhost:6379?db=1",
            "redis_socketio": "redis://localhost:6379?db=2",
            "socketio_port": 12311
          }
          EOF
          cd "${server.workDir}/sites"
          # Upstream initializes the DB with this command
          bench new-site localhost --mariadb-root-password password --admin-password admin
          bench --site localhost install-app erpnext
          node $tmp/apps/frappe/socketio.js &
        '';
        ExecStart = ''
          ${pkgs.python3Packages.gunicorn}/bin/gunicorn frappe.app:application --name ${name} \
          --chdir="${server.workDir}/sites" \
          --user ${user} \
          --group ${group} \
          --bind=${server.bind} \
          --pid ${server.workDir}/gunicorn-${name}.pid \
          --threads=4 \
          --workers=2 \
          --worker-class=gthread \
          --worker-tmp-dir=/dev/shm \
          --timeout=120 \
          --preload 
        '';
      };
    };

    system.stateVersion = "23.11";
  };
}