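# Option declarations for the Fudo mail server (`fudo.mail-server.*`).
#
# This file only declares options; the services that consume them are pulled
# in through `imports` at the bottom (DKIM, Dovecot, Postfix, rspamd, ClamAV).
#
# NOTE(review): `environment` is not used in this file and is not one of the
# usual module arguments -- presumably supplied through specialArgs; confirm.
{ config, lib, pkgs, environment, ... }:

with lib;
{
  options.fudo.mail-server = {
    enable = mkEnableOption "Fudo Email Server";

    # Declared with mkOption rather than mkEnableOption: mkEnableOption
    # prefixes its argument with "Whether to enable ", which garbled this
    # sentence in the rendered option docs. Type, default and example are the
    # ones mkEnableOption would have produced.
    #
    # NOTE(review): nothing in this file enforces the mutual exclusion with
    # `enable`; confirm an assertion exists in one of the imported modules.
    enableContainer = mkOption {
      type = types.bool;
      default = false;
      example = true;
      description = ''
        Run the mail server in a container.
        Mutually exclusive with mail-server.enable.
      '';
    };

    domain = mkOption {
      type = types.str;
      description = "The main and default domain name for this email server.";
    };

    hostname = mkOption {
      type = types.str;
      description = "The domain name to use for the mail server.";
    };

    # mkEnableOption already renders "Whether to enable <name>.", so the name
    # must not repeat the verb or carry its own full stop.
    monitoring = mkEnableOption "monitoring for the mail server";

    mail-user = mkOption {
      type = types.str;
      description = "User to use for mail delivery.";
    };

    # No group id, because NixOS doesn't seem to use it
    mail-group = mkOption {
      type = types.str;
      description = "Group to use for mail delivery.";
    };

    mail-user-id = mkOption {
      type = types.int;
      description = "UID of mail-user.";
    };

    local-domains = mkOption {
      type = with types; listOf str;
      description = "A list of domains for which we accept mail.";
      default = [ "localhost" "localhost.localdomain" ];
      example = [
        "localhost"
        "localhost.localdomain"
        "somedomain.com"
        "otherdomain.org"
      ];
    };

    # NOTE(review): ownership and permissions of the two directories below are
    # not set in this file; confirm the imported modules restrict them to
    # mail-user / mail-group.
    mail-directory = mkOption {
      type = types.str;
      description = "Path to use for mail storage.";
    };

    state-directory = mkOption {
      type = types.str;
      description = "Path to use for state data.";
    };

    # SECURITY: per the description, hosts in these networks may relay without
    # authenticating. The option deliberately has no default, so every
    # deployment must state its ranges explicitly. Keep them as narrow as
    # possible: a range that is too wide, or that contains hosts you do not
    # control, turns the server into an open relay for those hosts. The values
    # are plain strings and are not validated as CIDR here.
    trusted-networks = mkOption {
      type = with types; listOf str;
      description = "A list of trusted networks, for which we will happily relay without auth.";
      example = [ "10.0.0.0/16" "192.168.0.0/24" ];
    };

    sender-blacklist = mkOption {
      type = with types; listOf str;
      description = "A list of email addresses for whom we will not send email.";
      default = [];
      example = [ "baduser@test.com" "change-pw@test.com" ];
    };

    recipient-blacklist = mkOption {
      type = with types; listOf str;
      description = "A list of email addresses for whom we will not accept email.";
      default = [];
      example = [ "baduser@test.com" "change-pw@test.com" ];
    };

    message-size-limit = mkOption {
      type = types.int;
      description = "Size of max email in megabytes.";
      default = 30;
    };

    # NOTE(review): `types.loaOf` is deprecated in newer nixpkgs releases in
    # favour of `types.attrsOf`; left unchanged because the pinned nixpkgs
    # version is not visible from this file.
    user-aliases = mkOption {
      type = with types; loaOf (listOf str);
      description = "A map of real user to list of aliases.";
      example = { someuser = [ "alias0" "alias1" ]; };
    };

    alias-users = mkOption {
      type = with types; loaOf (listOf str);
      description = "A map of email alias to a list of users.";
      example = { alias = [ "realuser0" "realuser1" ]; };
    };

    # NOTE(review): no `type` is declared, so the entries (name / auto /
    # specialUse) are not checked at evaluation time.
    mailboxes = mkOption {
      description = ''
        The mailboxes for dovecot. Depending on the mail client used it might be
        necessary to change some mailbox's name.
      '';
      default = [
        { name = "Trash";  auto = "no";        specialUse = "Trash"; }
        { name = "Junk";   auto = "subscribe"; specialUse = "Junk"; }
        { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
        { name = "Sent";   auto = "subscribe"; specialUse = "Sent"; }
      ];
    };

    # Off by default. NOTE(review): what the imported services log when this
    # is on is not visible here; confirm the debug output does not include
    # credentials or message content before enabling it on a production host.
    debug = mkOption {
      description = "Enable debugging on mailservers.";
      type = types.bool;
      default = false;
    };

    max-user-connections = mkOption {
      description = "Max simultaneous connections per user.";
      type = types.int;
      default = 20;
    };
  };

  # Service implementations that read the options declared above.
  imports = [
    ./mail/dkim.nix
    ./mail/dovecot.nix
    ./mail/postfix.nix
    ./mail/rspamd.nix
    ./mail/clamav.nix
  ];
}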