{ config, lib, pkgs, ... }: let
  # Make sure that the license manager version matches the currently
  # issued license to KCNHUB in the License Centre.
  license-manager = pkgs.stdenv.mkDerivation rec {
    pname = "matlab-license-server";
    version = "R2023b";
    src = pkgs.fetchurl {
      url = "https://ssd.mathworks.com/supportfiles/downloads/${version}/license_manager/${version}/daemons/glnxa64/mathworks_network_license_manager_glnxa64.zip";
      hash = "sha256-Btl3ETzTtAV+cjqwXf4AE4QJCtssN1s6dmmcpR1EQxY=";
    };
    nativeBuildInputs = [
      pkgs.autoPatchelfHook
    ];
    unpackPhase = ''
      ${pkgs.unzip}/bin/unzip $src
    '';
    installPhase = ''
      mkdir $out
      cp -r * $out/
      addAutoPatchelfSearchPath $out/*
    '';
  };
  matlab-server-user = "matlab-server";
  homedir = "/var/lib/${matlab-server-user}";

  # Make sure this is up to date with the latest license file
  # by editting secrets/matlab-network.lic
  NETWORK_LICENSE = config.sops.secrets.matlab-network-license.path;

  PORT = 27000;
in {
  users.users.${matlab-server-user} = {
    isSystemUser = true;
    home = homedir;
    useDefaultShell = true;
    group = matlab-server-user;
  };
  users.groups.${matlab-server-user} = {};

  sops.secrets.matlab-license = {
    sopsFile = ../secrets/matlab.lic;
    format = "binary";

    owner = matlab-server-user;
    restartUnits = [ "matlab-license-server.service" ];
  };
  sops.secrets.matlab-network-license = {
    sopsFile = ../secrets/matlab-network.lic;
    format = "binary";

    owner = matlab-server-user;
    mode = "0444";
    restartUnits = [ "matlab-license-server.service" ];
  };

  systemd.services.matlab-license-server = {
    # Start on boot
    enable = true;
    # When multi user login is loaded, matlab-server user can be used
    wantedBy = [ "multi-user.target" ];
    # The license server has to be after networking is available
    after = [ "network.target" ];
    description = "MATLAB License Server";
    serviceConfig = {
      Type = "forking";
      User = matlab-server-user;
      Group = matlab-server-user;
      RuntimeDirectory = matlab-server-user;
      WorkingDirectory = homedir;
      ExecStartPre = pkgs.writeScript "matlab-license-serverify" ''
        #!${pkgs.bash}/bin/bash
        head -n1 ${NETWORK_LICENSE} > ${homedir}/license.lic
        echo 'DAEMON MLM DAEMON MLM ${license-manager}/etc/glnxa64/MLM' >> ${homedir}/license.lic
        cat ${config.sops.secrets.matlab-license.path} >> ${homedir}/license.lic
      '';
      ExecStart = "${license-manager}/etc/glnxa64/lmgrd -c ${homedir}/license.lic";
    };
  };

  environment.sessionVariables = {
    LM_LICENSE_FILE = NETWORK_LICENSE;
    MLM_LICENSE_FILE = NETWORK_LICENSE;
  };

  networking.firewall.allowedTCPPorts = [
    PORT
  ];
  networking.firewall.allowedUDPPorts = [
    PORT
  ];
}