{ config, pkgs, lib, ... }:

let
  dbPath = "${config.home.homeDirectory}/Documents/Passwords/main.kdbx"; # adjust as needed
  cfg = config.homeModules.keepass;
in

lib.mkIf cfg.enable {
  home.packages = with pkgs; [
    keepassxc
  ];

  # Optional: Desktop entry tweaks or custom XDG
  xdg.mimeApps.defaultApplications = {
    "application/x-kdbx" = "org.keepassxc.KeePassXC.desktop";
  };

  xdg.desktopEntries.keepassxc = {
    name = "KeePassXC";
    genericName = "Password Manager";
    exec = "keepassxc %f";
    terminal = false;
    categories = [ "Utility" "Security" ];
    mimeType = [ "application/x-kdbx" ];
  };

  # Autostart with KeePassXC and preload DB
  systemd.user.services.keepassxc = {
    Unit = {
      Description = "KeePassXC Password Manager";
      After = [ "graphical-session.target" ];
    };
    Service = {
      ExecStart = "${pkgs.keepassxc}/bin/keepassxc ${dbPath}";
      Restart = "on-abort";
    };
    Install.WantedBy = [ "default.target" ];
  };

  # Optional system tray icon via environment variable
  home.sessionVariables = {
    KEEPASSXC_SHOW_SYSTEM_TRAY_ICON = "1";
  };

  # Browser integration: ensure it's available and optionally install native messaging host
  programs.browserpass.enable = true;

  # Optional: configure secrets sync path (e.g. synced with Syncthing)
  home.file.".config/keepassxc/config.ini".text = ''
    [General]
    LastDatabases=${dbPath}
    MinimizeToTray=true
    StartMinimized=false
    AutoOpenDatabasesOnStartup=true
    AutoSaveOnExit=true
    AutoLockDatabaseIdleMinutes=10
    AutoTypePrependMenu=true

    [Security]
    ClearClipboardAfterSeconds=10
    LockDatabaseAfterIdle=true
    LockDatabaseOnScreenSaver=true
    LockDatabaseOnSessionLock=true
  '';
}