{ config, lib, pkgs, ... }:

with lib;

# Site configuration for the fudo.org domain: wires the shared service
# modules (Authentik, Mastodon, Nextcloud, Matrix, mail) to the `legatus`
# and `germany` hosts and declares the nginx redirects, Jabber LDAP
# servers and authoritative DNS zones every Fudo host carries.
let
  hostname = config.instance.hostname;
  localDomain = "fudo.org";

  # Per-host service secret files, keyed by secret name.
  serviceSecrets = config.fudo.secrets.files.service-secrets."${hostname}";
  domain = config.fudo.domains."${localDomain}";

  # Hosts that own the identity provider and the DNS primary.
  authentikHost = "legatus";
  primaryNameserver = "germany";

  # Every host redirects the Selby names to the canonical site.
  redirectedHosts = [
    "selby.ca"
    "www.selby.ca"
    "selbyhomecentre.com"
    "www.selbyhomecentre.com"
  ];
  # NOTE(review): "selbyhomecentre.com" itself is in this list, so an
  # HTTPS request for the canonical host is answered with a redirect to
  # itself; if any Fudo host also serves the real site, that is a loop.
  # Left as-is here because the intent is unclear - confirm.
  redirectToSelby = _: {
    locations."/".return = "301 https://selbyhomecentre.com$request_uri";
  };

  # The mail server's domain-scoped secrets live under this domain.
  # NOTE(review): this is "test.fudo.org" while servedDomains is the
  # production list - verify this is still the intended secret scope.
  mailPrimaryDomain = "test.fudo.org";
  mailDomainSecrets =
    config.fudo.secrets.files.domain-secrets."${mailPrimaryDomain}";

in {
  imports = [
    (import ./fudo.org/authentik.nix { inherit authentikHost; })

    # Mastodon receives the secret *paths*; the module is expected to read
    # them at runtime, keeping the values out of the Nix store.
    (import ./fudo.org/mastodon.nix {
      mastodonHost = "legatus";
      mastodonHostname = "mastodon.fudo.org";
      mastodonOidcClientId = serviceSecrets."mastodon-oidc.clientid";
      mastodonOidcClientSecret = serviceSecrets."mastodon-oidc.secret";
    })

    (import ./fudo.org/nextcloud.nix {
      nextcloudHost = "legatus";
      nextcloudHostname = "cloud.fudo.org";
      nextcloudPackage = pkgs.nextcloud27;
    })

    # SECURITY(review): unlike Mastodon above, the Matrix OIDC client id
    # and secret are read with `readFile` at evaluation time. Anything
    # read this way ends up in the generated config in the Nix store,
    # which is world-readable on the host. Prefer passing the file path
    # if matrix.nix supports it; otherwise confirm this exposure is
    # acceptable.
    (import ./fudo.org/matrix.nix {
      matrixHost = "legatus";
      matrixServerName = "fudo.org";
      openIdClientId = readFile serviceSecrets."matrix-oidc.clientid";
      openIdClientSecret = readFile serviceSecrets."matrix-oidc.secret";
    })

    (import ./fudo.org/mail-server.nix (rec {
      primaryMailserver = "germany";
      primaryDomain = mailPrimaryDomain;
      authentikServer = "authentik.fudo.org";
      ldapBase = "dc=fudo,dc=org";
      ldapBindDn = "cn=userdb,ou=users,${ldapBase}";
      # File paths, not contents: the mail module reads these at runtime.
      ldapBindPwFile = mailDomainSecrets."ldap-bind.passwd";
      saslDomain = "FUDO.ORG";
      authentikOutpostToken = mailDomainSecrets."authentik-ldap.token";
      servedDomains = [
        "fudo.org"
        "fudo.ca"
        "fudo.im"
        "selby.ca"
        "selbyhomecentre.com"
      ];
      # TODO: FIXME! An empty DKIM record means no DKIM public key is
      # published for the served domains, so outbound mail cannot be
      # DKIM-verified by receivers.
      dkimRecord = "";
    }))
  ];

  config = {
    # All Fudo hosts should redirect selby.ca to the selbyhomecentre website.
    services.nginx.virtualHosts = genAttrs redirectedHosts redirectToSelby;

    fudo.services = {
      jabber = {
        domain = "jabber.fudo.org";
        # LDAP servers are listed as short host names in the domain
        # config; qualify them with the local domain.
        ldap.servers =
          map (host: "${host}.${localDomain}") domain.ldap-servers;
      };

      # Only the primary nameserver host enables the authoritative server.
      authoritative-dns = {
        enable = hostname == primaryNameserver;
        nameservers.primary = primaryNameserver;
        zones = {
          # fudo.org is DNSSEC-signed; the Selby zones have no KSK and
          # are therefore served unsigned.
          "fudo.org" = {
            default-host = "germany";
            ksk = config.fudo.secrets.files.dns.key-signing-keys."fudo.org";
          };
          "selby.ca" = {
            default-host = "germany";
            ksk = null;
          };
          "selbyhomecentre.com" = {
            default-host = "germany";
            ksk = null;
          };
        };
      };
    };
  };
}