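# NixOS module for softu2f, a software-only U2F token emulator.
#
# When `services.softu2f.enable` is set, this module defines three units:
#   * a system socket unit listening on /run/softu2f/softu2f.sock,
#   * a system service running `softu2f-system-daemon`,
#   * a per-user service running `softu2f-user-daemon`.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.softu2f;

  # The package is built from the expression next to this module, not taken
  # from nixpkgs.
  softu2f = pkgs.callPackage ./softu2f.nix { };
in
{
  options.services.softu2f = {
    # mkEnableOption already prefixes the text with "Whether to enable", so
    # only the noun phrase is passed here.
    enable = lib.mkEnableOption "the softu2f service";
  };

  config = lib.mkIf cfg.enable {
    # Socket-activation endpoint for the system daemon.
    #
    # No SocketMode/SocketUser/SocketGroup is set, so systemd's defaults apply
    # (SocketMode defaults to 0666): every local account can connect to this
    # socket.
    # NOTE(review): confirm that the system daemon authenticates connecting
    # peers itself (presumably via peer credentials); otherwise restrict
    # access with SocketMode/SocketGroup.
    systemd.sockets.softu2f = {
      wantedBy = [ "sockets.target" ];
      socketConfig = {
        ListenStream = "/run/softu2f/softu2f.sock";
      };
    };

    # System-wide daemon. No User= is configured, so the unit runs with
    # systemd's default identity for system services (root).
    systemd.services.softu2f = {
      description = "Software-only U2F Emulation Service";
      # Weak dependency on the socket unit declared above.
      wants = [ "softu2f.socket" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${softu2f}/bin/softu2f-system-daemon";
        # The only sandboxing applied to the system daemon: no network
        # access and a private /tmp.
        # NOTE(review): NoNewPrivileges is set on the user unit but not here;
        # evaluate it together with ProtectSystem/ProtectHome against the
        # device access the daemon actually needs before enabling.
        PrivateNetwork = "yes";
        PrivateTmp = "true";
      };
    };

    # Per-user daemon, pulled in by each user manager's default.target.
    systemd.user.services.softu2f = {
      description = "Software-only U2F Emulation Service";
      wantedBy = [ "default.target" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${softu2f}/bin/softu2f-user-daemon";
        # Prevents the daemon and its children from gaining privileges
        # through setuid/setgid binaries or file capabilities.
        NoNewPrivileges = "true";
        # NOTE(review): namespace-based options such as PrivateTmp may not be
        # applied by an unprivileged user manager on every systemd version;
        # verify on the target system.
        PrivateTmp = "true";
      };
    };
  };
}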