{ pkgs, config, ... }:

let
  passbemenu = pkgs.writeScriptBin "passbemenu" ''
    #!${pkgs.stdenv.shell}
    shopt -s nullglob globstar

    typeit=0
    if [[ $1 == "--type" ]]; then
      typeit=1
      shift
    fi

    export BEMENU_BACKEND=wayland

    prefix=''${PASSWORD_STORE_DIR-~/.password-store}
    password_files=( "$prefix"/**/*.gpg )
    password_files=( "''${password_files[@]#"$prefix"/}" )
    password_files=( "''${password_files[@]%.gpg}" )

    password=$(printf '%s\n' "''${password_files[@]}" | \
      ${pkgs.bemenu}/bin/bemenu --list 20 --ignorecase --prompt 'Pass: ' "$@")

    [[ -n $password ]] || exit

    ${pkgs.pass-wayland}/bin/pass show -c "$password" 2>/dev/null
  '';
  threema-vpn = pkgs.writeScriptBin "threema-vpn" ''
    #!${pkgs.stdenv.shell}
    set -eo pipefail

    SERVICE=openvpn-threema
    SERVICE_EXEC="${config.systemd.services.openvpn-threema.serviceConfig.ExecStart}"

    exec sudo ${pkgs.openvpn}/sbin/openvpn''${SERVICE_EXEC#@* openvpn}

  '';
  threema-env = pkgs.writeScriptBin "threema-env" ''
    #!/usr/bin/env bash
    set -eo pipefail

    # Nix shell might fail on some PWDs, so go to home
    cd $HOME

    ENV_NAME="$1"
    ENV_FILE="$HOME/shares/cloud.threema.ch/envs/''${ENV_NAME}.nix"
    COMMAND="$2"

    if [ -z "$ENV_NAME" ]; then
      echo "Error: No env name provided" >&2
      exit 2
    fi

    if [ ! -f "$ENV_FILE" ]; then
      echo "Error: Env file does not exist" >&2
      exit 3
    fi

    echo "Starting '$COMMAND' in env '$ENV_FILE'"
    ${pkgs.nix}/bin/nix-shell ''${ENV_FILE} --run "$COMMAND"
  '';
in {
  home-manager.users.fhauser.home.packages =
    [ passbemenu threema-vpn threema-env ];
}