{ lib, config, pkgs, flakeRoot, ... }:

let
  moduleName = "install-flatpaks";
  flatpakConfPath = "${flakeRoot}/assets/system/apps/flatpaks.conf";

  # Lees en split het bestand
  raw = builtins.readFile flatpakConfPath;
  rawLines = lib.splitString "\n" raw;

  # Guard: check dat we niet per karakter hebben gesplit
  _guard =
    assert !(builtins.stringLength raw > 1 && builtins.length rawLines == builtins.stringLength raw);
    true;

  # Cleanup per regel: CR verwijderen, commentaar weghalen, trim
  cleanLine = line:
    let
      noCR = lib.replaceStrings [ "\r" ] [ "" ] line;
      noInlineComment = lib.head (lib.splitString "#" noCR);
    in
      lib.strings.trim noInlineComment;

  # Filter lege regels
  entries = builtins.filter (l: l != "") (map cleanLine rawLines);

  # Validatie: check reverse-DNS stijl (min 2 dots)
  dotCount = s: builtins.length (lib.splitString "." s) - 1;
  isValidId = s: (dotCount s) >= 2;

  _validate = builtins.seq _guard (
    builtins.map (id:
      if isValidId id then true
      else throw ''
        ${moduleName}: invalid Flatpak ID in flatpaks.conf (needs reverse-DNS with at least 2 dots)

        Token         : ${builtins.toJSON id}
        flatpaks.conf : ${toString flatpakConfPath}

        Fix: remove stray tokens or comment them out with '#'.
      ''
    ) entries
  );

  # Gebruik de gevalideerde lijst
  flatpakApps = builtins.seq _validate entries;

  # Maak systemd script
  syncFlatpaks = pkgs.writeShellScript "sync-flatpaks" ''
    set -euo pipefail

    CONF="/etc/flatpak/flatpaks.conf"
    if [[ -f "$CONF" ]]; then
      echo "flatpak-sync: using $CONF"
    else
      echo "flatpak-sync: WARNING: $CONF not found, using embedded list"
    fi

    if ! flatpak remotes --system --columns=name | grep -qx flathub; then
      flatpak remote-add --system --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
    fi

    desired_apps=(
      ${lib.concatStringsSep "\n" (map (a: ''"${a}"'') flatpakApps)}
    )

    for app in "${desired_apps[@]}"; do
      if ! flatpak info --system "$app" >/dev/null 2>&1; then
        flatpak install --system -y --noninteractive flathub "$app"
      fi
    done
  '';
in
{
  options.mySystem.system.flatpak.enable = lib.mkEnableOption "Enable automatic Flatpak installation";

  config = lib.mkIf (config.mySystem.system.flatpak.enable or false) {

    # Flatpak service zelf
    services.flatpak.enable = true;

    xdg.portal.enable = true;

    # Deploy config voor runtime/debug
    environment.etc."flatpak/flatpaks.conf".source = lib.mkForce flatpakConfPath;

    # systemd service
    systemd.services.flatpak-sync = {
      description = "Install Flatpak apps listed in flatpaks.conf";
      wantedBy = [ "multi-user.target" ];
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];

      serviceConfig = {
        Type = "oneshot";
        ExecStart = syncFlatpaks;
      };

      restartTriggers = [ flatpakConfPath ];

      path = [
        pkgs.flatpak
        pkgs.coreutils
        pkgs.gnugrep
        pkgs.gnused
      ];
    };
  };
}