{ inputs, pkgs, lib, hosts, config, ... }:
let
  inherit (config.networking) hostName;
  hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hyprspace) hosts;
  peersFormatted = builtins.mapAttrs (name: x: {
    inherit name;
    inherit (x.hyprspace) id;
    routes = map (net: { inherit net; }) (x.hyprspace.routes or []);
  }) hyprspaceCapableNodes;
  peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
  peerList = builtins.attrValues peersFiltered;
  myNode = hosts.${hostName};
  listenPort = myNode.hyprspace.listenPort or 8001;
  privateKeyFile = config.age.secrets.hyprspace-key.path;
in {
  imports = [
    inputs.hyprspace.nixosModules.default
  ];
  age.secrets.hyprspace-key = {
    file = ../../secrets/hyprspace-key- + "${hostName}.age";
    mode = "0400";
  };

  systemd.services.hyprspace = {
    environment = lib.optionalAttrs config.services.kubo.enable {
      HYPRSPACE_IPFS_API = config.services.kubo.settings.Addresses.API;
    };
  };

  services.hyprspace = {
    enable = true;
    inherit privateKeyFile;
    settings = {
      listenAddresses = let
        port = toString listenPort;
      in [
        "/ip4/0.0.0.0/tcp/${port}"
        "/ip4/0.0.0.0/udp/${port}/quic-v1"
        "/ip6/::/tcp/${port}"
        "/ip6/::/udp/${port}/quic-v1"
      ];
      peers = peerList;
    };
  };

  networking.networkmanager.dispatcherScripts = [{
    source = pkgs.writeShellScript "hyprspace-reconnect.sh" ''
      [[ "$2" != "up" ]] && exit 0
      PATH=${pkgs.systemd}/bin:$PATH
      case $1 in
        wl*|en*)
          systemctl reload-or-restart --no-block hyprspace.service;;
      esac
      exit 0
    '';
    type = "basic";
  }];
}