{
  lib,
  pkgs,
  config,
  ...
}:

with lib;
let
  cfg = config.services.madd-client;
in
{
  options.services.madd-client = {
    enable = mkEnableOption "MADD client";
    endpoint = mkOption {
      type = types.str;
      description = "Endpoint for MADD client to connect to.";
    };
    interface = mkOption {
      type = types.str;
      description = "Network interface to use for MADD client.";
    };
    priv-key-file = mkOption {
      type = types.str;
      default = "/etc/ssh/ssh_host_ed25519_key";
      description = "Path to the private SSH key file identifying this machine.";
    };
    pub-key-file = mkOption {
      type = types.str;
      default = "${config.services.madd-client.priv-key-file}.pub";
      description = "Path to the public SSH key file identifying this machine.";
    };
    hostname = mkOption {
      type = types.str;
      default = config.networking.hostName;
      description = "Hostname to use for MADD client.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.madd-client = {
      description = "MADD Client Service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      requires = [ "network-online.target" ];
      script = ''
        function run_update {
          ipv4=$(${pkgs.iproute2}/bin/ip -4 addr show dev "${cfg.interface}" | grep -Po 'inet \K[\d.]+' || true)
          if [ -n "$ipv4" ]; then

            export MADD_ENDPOINT="${cfg.endpoint}";
            export MADD_PRIV_KEY="${cfg.priv-key-file}";
            export MADD_PUB_KEY="${cfg.pub-key-file}";
            export MADD_HOSTNAME="${cfg.hostname}";
            export MADD_IP="$ipv4";

            ${pkgs.madd-client}/bin/madd-client 2>/dev/null ;
          fi
        }

        run_update

        ${pkgs.iproute2}/bin/ip -4 monitor address label dev "${cfg.interface}" | while read -r event; do
          if [[ $event == \[ADDR\]* ]]; then
            echo "Detected address change"
            run_update
          fi
        done
      '';
    };
  };
}