{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;
  secrets = config.fudo.secrets.host-secrets.${hostname};
  cfg = config.fudo.france.postgresql;
in {
  options.fudo.france.postgresql = with types; {
    ssl-certificate = mkOption {
      type = str;
      description = "SSL certificate to use for the LDAP server.";
    };
    ssl-private-key = mkOption {
      type = str;
      description = "SSL private key to use for the LDAP server.";
    };
    keytab = mkOption {
      type = path;
      description = "Postgres service keytab.";
    };
  };

  config.fudo.postgresql = {
    enable = true;

    local-networks = config.instance.local-networks;

    ssl-private-key = cfg.ssl-private-key;
    ssl-certificate = cfg.ssl-certificate;
    keytab = cfg.keytab;
  };
}