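# Module that declares the `fysiweb.capabilities.*` credential options and
# fills them from each app's optional `capabilities.nix` file.
{ config, lib, ... }:
let
  # Flatten the three-level `config.fysiweb-apps` attrset into a list of its
  # leaf values. Each leaf is used below as an `appConfig` carrying at least
  # `appName` and `appId`.
  allApps = lib.concatMap lib.attrValues (lib.concatMap lib.attrValues (lib.attrValues config.fysiweb-apps));

  # Returns a list with zero or one attrset of the shape
  # `{ <capability> = { <appId> = <value>; }; }` for the given app.
  # Apps without a `capabilities.nix` contribute nothing.
  capabilitiesFor = appConfig:
    let
      # `toString` keeps this a plain string path.
      # NOTE(review): `appName` is interpolated into a path that is then
      # imported; confirm the `fysiweb-apps` option type restricts it to a
      # plain directory name (no `/` or `..`).
      path = (toString ../../apps) + "/${appConfig.appName}/capabilities.nix";
    in
    lib.optionals (lib.pathIsRegularFile path) [
      # Nest every capability declared by the app under the app's id.
      (lib.mapAttrs (_: value: { ${appConfig.appId} = value; })
        (import path { inherit appConfig config lib; }))
    ];
in
{
  # Password credentials, keyed first by app id (see `capabilitiesFor`) and
  # then by a name chosen in the app's `capabilities.nix` (not visible here).
  options.fysiweb.capabilities.password-credentials = lib.mkOption {
    type = lib.types.attrsOf (lib.types.attrsOf (lib.types.submodule {
      options.username = lib.mkOption {
        type = lib.types.str;
      };
      # Only the location of the password is recorded, not the password.
      # `types.str` rejects Nix path literals, which would be copied into the
      # world-readable Nix store when coerced to a string.
      # NOTE(review): presumably the consumer reads this file at runtime and
      # the file lives outside the store; confirm against the consumer.
      options.passwordFile = lib.mkOption {
        type = lib.types.str;
      };
    }));
    default = { };
  };
  # SSH credentials, keyed the same way as `password-credentials`.
  options.fysiweb.capabilities.ssh-credentials = lib.mkOption {
    type = lib.types.attrsOf (lib.types.attrsOf (lib.types.submodule {
      # Location of the public key file, given as a string.
      options.publicKeyFile = lib.mkOption {
        type = lib.types.str;
      };
    }));
    default = { };
  };
  config = {
    # Each app's contribution is passed to the module system as a separate
    # definition. `lib.attrsets.mergeAttrsList` merges shallowly with `//`, so
    # when two apps declared the same capability the later app replaced the
    # earlier app's entries entirely. With `mkMerge` the `attrsOf` types
    # combine the per-app entries, and differing definitions of the same leaf
    # option fail evaluation instead of being silently overridden.
    fysiweb.capabilities = lib.mkMerge (lib.concatMap capabilitiesFor allApps);
  };
}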