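# NixOS module: weekly unattended update of this host from its own flake repo.
#
# Trust boundary: the service runs as root and activates whatever the tracked
# branch of the repository in WorkingDirectory contains. Write access to that
# branch (or to the deploy key below) is therefore equivalent to root on this
# machine; protect the branch and the key accordingly.
{ config, pkgs, ... }:

{
  systemd.services.auto-update = {
    description = "Auto-update NixOS configuration";

    # systemd units do not inherit /run/current-system/sw/bin, so every tool
    # the script calls must be listed here. nixos-rebuild was missing, which
    # makes the rebuild step fail with "command not found".
    path = [
      pkgs.git
      pkgs.nix
      pkgs.openssh
      config.system.build.nixos-rebuild
    ];

    serviceConfig = {
      Type = "oneshot";
      User = "root";
      WorkingDirectory = "/etc/commonscomputing-nix";
    };

    script = ''
      set -euo pipefail

      echo "Pulling latest changes..."
      # --ff-only: abort instead of creating a merge commit as root when the
      # local checkout and the remote have diverged.
      # NOTE(review): nothing here verifies who authored the pulled commits;
      # if the repo uses signed commits, check them before rebuilding.
      git pull --ff-only

      echo "Updating flake inputs..."
      nix flake update

      # Build and activate BEFORE publishing the new lock file, so a
      # flake.lock that does not build is never committed or pushed.
      echo "Rebuilding system..."
      if ! nixos-rebuild switch --flake .#asusmini; then
        echo "Build/switch failed, staying on current generation"
        # Discard the untested lock so the next run starts from a clean tree.
        git checkout -- flake.lock
        exit 1
      fi

      # Check if there are changes to commit
      if ! git diff --quiet flake.lock; then
        echo "Committing flake.lock updates..."
        git add flake.lock
        # NOTE(review): needs user.name/user.email configured for root - confirm.
        git commit -m "auto-update: flake inputs $(date -Iseconds)"

        echo "Pushing changes..."
        git push
      else
        echo "No flake.lock changes to commit"
      fi

      echo "Auto-update completed successfully"
    '';
  };

  systemd.timers.auto-update = {
    description = "Auto-update timer";
    wantedBy = [ "timers.target" ];

    timerConfig = {
      OnCalendar = "weekly"; # Run weekly, adjust as needed
      Persistent = true; # Run on boot if missed
      RandomizedDelaySec = "1h"; # Add some randomness
    };
  };

  # TODO: Set up SSH key for git push access
  # Options:
  # 1. Deploy key with write access to the repo
  # 2. Generate SSH key on server and add to GitHub
  # Command to generate: ssh-keygen -t ed25519 -f /root/.ssh/commons-nix-deploy -N ""
  #
  # -N "" creates the key without a passphrase (required for unattended use),
  # so the private key file is the only secret: keep it root-only and prefer
  # option 1, which limits the key to this one repository.
  # NOTE(review): a key at this non-default path is only used if ssh is told
  # about it (IdentityFile in /root/.ssh/config, or GIT_SSH_COMMAND) - confirm.
}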