{ config, lib, pkgs, ... }:

with lib;
let
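  # Per-domain option set, used as the submodule type for every entry of
  # `fudo.domains`. These options only declare data; how the trusted
  # networks, user lists and realm are enforced is up to the modules that
  # read them.
  #
  # The entry's attribute key arrives through `name`, the argument the module
  # system supplies to submodules used inside `attrsOf`. A custom argument
  # such as `domain` is not supplied unless something sets it in
  # `_module.args`, so using it as a default fails to evaluate whenever the
  # `domain` option is left unset.
  domainOpts = { name, ... }: {
    options = {
      domain = mkOption {
        type = types.str;
        description = "Domain name.";
        # Defaults to the key under `fudo.domains`.
        default = name;
      };

      # Entries are plain strings and are not validated here, so an overly
      # broad or mistyped network is accepted as trusted.
      # NOTE(review): presumably CIDR ranges; confirm the expected format
      # with the consumers of this option.
      local-networks = mkOption {
        type = with types; listOf str;
        description =
          "A list of networks to be considered trusted on this network.";
        default = [ ];
      };

      # Applies to every host in the domain, not to a single machine.
      local-users = mkOption {
        type = with types; listOf str;
        description =
          "A list of users who should have local (i.e. login) access to _all_ hosts in this domain.";
        default = [ ];
      };

      # Domain-wide admin access: one entry here covers every host, so keep
      # the list short and review changes to it.
      local-admins = mkOption {
        type = with types; listOf str;
        description =
          "A list of users who should have admin access to _all_ hosts in this domain.";
        default = [ ];
      };

      local-groups = mkOption {
        type = with types; listOf str;
        description = "List of groups which should exist within this domain.";
        default = [ ];
      };

      # NOTE(review): the default is a fixed fudo.org address, so any other
      # domain inherits it unless it overrides this option. Confirm that
      # administrative mail for other domains is meant to go there.
      admin-email = mkOption {
        type = types.str;
        description = "Email for the administrator of this domain.";
        default = "admin@fudo.org";
      };

      # No default is declared: reading this option for a domain that never
      # sets it is an evaluation error, so each domain has to choose a realm
      # or set it to null explicitly.
      # NOTE(review): confirm that forcing an explicit value is intended.
      gssapi-realm = mkOption {
        type = with types; nullOr str;
        description = "GSSAPI (i.e. Kerberos) realm of this domain.";
      };
    };
  };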

in {
  # Registry of all domains, keyed by attribute name. Every value is
  # type-checked against the `domainOpts` submodule; with no definitions the
  # registry is empty.
  options.fudo.domains = mkOption {
    description = "Domain configurations for all domains known to the system.";
    type = types.attrsOf (types.submodule domainOpts);
    default = { };
  };
}