{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.programs.tickwatch;

in
{
  meta = {
    maintainers = with lib.maintainers; [ euxane ];
  };

  options = {
    programs.tickwatch = {
      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Whether to add tickwatch to the global environment
          and configure a setcap wrapper for it.
        '';
      };

      package = lib.mkPackageOption pkgs "tickwatch" { };
    };
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];

    security.wrappers.tickwatch = {
      owner = "root";
      group = "root";
      capabilities = "cap_net_raw+p";
      source = lib.getExe cfg.package;
    };
  };
}