# root.nix - Main backup system module
#
# Declares the `system.backups` option tree and applies one shared set of
# systemd sandboxing settings to every enabled backup job of every
# registered backend.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib)
    attrNames
    concatMap
    filterAttrs
    genAttrs
    mkOption
    types
    ;

  cfg = config.system.backups;

  # Enabled backup definitions whose `backend` field equals the given name.
  getBackupsByBackend =
    backend: filterAttrs (_: backup: backup.backend == backend && backup.enable) cfg.backups;

  # Unit names ("<backend>-backups-<job>") for all enabled jobs of one backend.
  # NOTE(review): this assumes each backend names its systemd units with the
  # same scheme; a backend using a different name would not receive the
  # hardening below, and the name generated here would have no other
  # definition behind it. Confirm against the backend modules.
  unitNamesFor =
    backend: map (job: "${backend}-backups-${job}") (attrNames (getBackupsByBackend backend));

  # Every backup unit across all registered backends.
  hardenedUnitNames = concatMap unitNamesFor (attrNames cfg.backends);

  # Sandbox baseline shared by all backup units.
  #
  # - ProtectSystem = "strict": the file system hierarchy is mounted read-only
  #   for the unit. A backend that writes a local repository, cache or state
  #   has to grant those paths itself (e.g. ReadWritePaths, StateDirectory,
  #   CacheDirectory).
  # - ProtectHome = "read-only": home directories stay readable so they can be
  #   backed up, but the unit cannot write to them. The backup process can
  #   therefore still read all user data it is able to access.
  # - PrivateTmp: the unit gets its own /tmp and /var/tmp.
  # - NoNewPrivileges: the unit and its children cannot gain privileges
  #   through setuid/setgid binaries or file capabilities.
  #
  # NOTE(review): these are plain definitions (no mkDefault). A backend that
  # sets a different value for one of these keys would presumably have to use
  # mkForce, which keeps any weakening explicit - confirm that is intended.
  sharedHardening = {
    ProtectSystem = "strict";
    ProtectHome = "read-only";
    PrivateTmp = true;
    NoNewPrivileges = true;
  };
in
{
  options.system.backups = {
    # Registry that backend modules add themselves to.
    backends = mkOption {
      type = types.attrsOf (types.functionTo types.attrs);
      internal = true;
      default = { };
      description = ''
        Attribute set of backends where the value is a function that accepts
        backend-specific arguments and returns an attribute set for the backend's options.
      '';
    };

    # The option itself lives in ./backups-option.nix; cfg is handed over so
    # that file can infer the backend.
    backups = import ./backups-option.nix cfg;

    # Internal handle on lib so backups-option.nix can reach mkOption, types
    # and friends.
    lib = mkOption {
      type = types.attrs;
      internal = true;
      default = lib;
    };
  };

  config = {
    # Root-level re-export of the backups is currently commented out:
    # backups = cfg.backups;

    # Placeholder for backup utilities shared by all backends.
    environment.systemPackages = with pkgs; [
    ];

    # Attach the shared sandbox baseline to every backup unit.
    systemd.services = genAttrs hardenedUnitNames (_: {
      serviceConfig = sharedHardening;
    });
  };
}