{ pkgs, ... }:
let
  defaultUpdater = { git ? null, url ? null, path ? null, keys ? null, dest, check, config }:
    let
      config.systemd.services."fooud-${dest}" = {
        serviceConfig = {
          Type = "oneshot";
          User = "root";
          Group = "root";
          ExecStart = let
            dest = pkgs.lib.assertMsg dest "dest must be set";
            remote =
              if git then "--git " + git
              else if url then "--url " + url
              else if path then "--path " + path
              else builtins.throw "one of git, url or path must be set";
            keys_str = if git then
              pkgs.lib.strings.concatStrings builtins.map (x: "--key ${x} ") keys
            else throw "cannot use keys with git";
          in pkgs.writeShellScript "fooud-${dest}-wrapper" ''
              ${pkgs.fooud}/bin/fooud ${keys_str} ${remote} ${dest}
              '';
        };
      };

      config.systemd.timers."fooud-${dest}" = {
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnActiveSec = "0s";
          OnUnitActiveSec = check;
          Unit = "fooud-${dest}.service";
          Persistent = true;
        };
      };
    in
      dest;
in
let
  gitUpdater = config: { git, keys, dest, check }:
    defaultUpdater { git = git; keys = keys; dest = dest; check = check; config = config; };
  fsUpdater = config: { path, dest, check }:
    defaultUpdater { path = path; dest = dest; check = check; config = config; };
  urlUpdater = config: { url, dest, check }:
    defaultUpdater { url = url; dest = dest; check = check; config = config; };

  lib = {
    inherit
      gitUpdater
      fsUpdater
      urlUpdater;
  };
in
  lib