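# Host module for "france": imports every *.nix module found in ./france and
# sets the fudo.* service options, interface addresses and the nginx redirect
# vhost for mail.fudo.org.
{ config, lib, pkgs, ... }:

with lib;
let
  # Public IPv4 addresses; both are assigned to extif0 further down.
  primary-ip = "208.81.3.117";
  git-server-ip = "208.81.3.118";

  hostname = config.instance.hostname;
  domain-name = config.fudo.hosts.${hostname}.domain;
  mail-hostname = "mail.fudo.org";

  # The bindings below are not referenced anywhere else in this file. Nix
  # evaluates let-bindings lazily, so they are never forced from here.
  domain = config.fudo.domains.${domain-name};
  host-fqdn = "${hostname}.${domain-name}";
  france-secrets = config.fudo.secrets.host-secrets.france;

  # Build the path of the ACME private key / certificate chain for a name.
  # key.pem is secret material: anything that is handed this path needs read
  # access to it, so keep the set of consumers small.
  acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
  acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";

in {
  # Auto-import ./france/*.nix. Every file that passes the filter becomes part
  # of the system configuration, so the filename test has to be exact.
  imports = let
    # readDir reports "regular", "directory", "symlink" or "unknown".
    # NOTE(review): "link" is not one of those values, so symlinked modules are
    # skipped as written -- confirm whether "symlink" was intended.
    is-regular-file = filename: type: type == "regular" || type == "link";

    regular-files = path:
      attrNames (filterAttrs is-regular-file (builtins.readDir path));

    # The dot is escaped twice: once for the Nix string and once for the
    # regex. A single backslash is consumed by the string parser and leaves a
    # bare regex dot, which would also accept names such as "foo_nix".
    is-nix-file = filename: (builtins.match "^(.+)\\.nix$" filename) != null;

    nix-files = path:
      map (file: path + "/${file}") (filter is-nix-file (regular-files path));

  in nix-files ./france;

  config = {
    fudo = {
      hosts.france.external-interfaces = [ "extif0" ];

      client.dns = {
        enable = true;
        ipv4 = true;
        ipv6 = true;
        user = "fudo-client";
        external-interface = "extif0";
      };

      france = {
        mail = {
          mail-directory = "/state/mail-server/mail";
          state-directory = "/state/mail-server/var";
          # NOTE(review): ldap:// is the cleartext LDAP scheme. Whether the
          # mail module upgrades the connection with STARTTLS, or whether this
          # traffic ever leaves the host, is not visible here -- confirm before
          # relying on it for credential lookups.
          ldap-server-urls = [ "ldap://france.fudo.org" ];
        };

        webmail = {
          # TODO: this is not using the database!
          mail-server = mail-hostname;
          database.hostname = "localhost";
        };

        git = {
          repository-directory = "/state/gitea/repo";
          state-directory = "/state/gitea/state";
          # The git SSH listener is bound to its own address, which is added
          # to extif0 as a /32 below.
          ssh.listen-ip = git-server-ip;
        };
      };

      minecraft-server = {
        enable = true;
        package = pkgs.minecraft-current;
        data-dir = "/state/minecraft/selbyland";
        world-name = "selbyland";
        motd = "Welcome to the Selby Minecraft server.";
      };
    };

    # NOTE(review): stock NixOS declares per-interface addresses under
    # networking.interfaces.<name>; confirm that a local module declares
    # networking.intif0 / networking.extif0, otherwise evaluation fails with an
    # unknown-option error.
    networking = {
      intif0 = {
        ipv4.addresses = [{
          address = "192.168.11.1";
          prefixLength = 24;
        }];
      };

      extif0 = {
        ipv4.addresses = [
          {
            address = primary-ip;
            prefixLength = 28;
          }
          {
            address = git-server-ip;
            prefixLength = 32;
          }
        ];
      };
    };

    services = {
      nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisations = true;
        recommendedTlsSettings = true;
        recommendedProxySettings = true;

        virtualHosts = {
          # Redirect-only vhost. The target host is fixed and only the request
          # URI is carried over, so the redirect cannot be steered to another
          # site by the client.
          # NOTE(review): enableACME is set without forceSSL/addSSL, so the
          # certificate is requested but this vhost does not serve TLS itself;
          # presumably the certificate is consumed by another service --
          # confirm.
          "mail.fudo.org" = {
            enableACME = true;
            locations."/".return = "301 https://webmail.fudo.org$request_uri";
          };
        };
      };
    };
  };
}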