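# NixOS module: mail-server configuration for the "france" host role.
# Declares the fudo.france.mail options and wires them into fudo.mail-server
# together with an LDAP reader account used by dovecot for authentication.
{ config, lib, pkgs, ... }:

with lib;

let
  hostname = config.instance.hostname;
  domain-name = config.instance.local-domain;
  # Host-specific secrets (the LDAP reader password lives here).
  secrets = config.fudo.secrets.host-secrets.${hostname};
  # The options declared below; `cfg` was referenced but never bound in the
  # original, which makes the module fail evaluation with an undefined variable.
  cfg = config.fudo.france.mail;
  # Name of the LDAP account the mail server binds with for auth lookups.
  mail-reader-dn = "mail-auth-reader";

in {
  options.fudo.france.mail = with types; {
    mail-directory = mkOption {
      type = str;
      description = "Directory to contain user maildirs.";
    };

    state-directory = mkOption {
      type = str;
      description = "Directory to contain mail-server state.";
    };

    ldap-server-urls = mkOption {
      type = listOf str;
      description = "List of LDAP server URLs.";
    };
  };

  config.fudo = {
    # NOTE(review): this sets system-users to a single attrset carrying a
    # `username` field. If fudo.system-users is an attrset keyed by username,
    # this should instead be `system-users.${mail-reader-dn} = { ... };` —
    # confirm against the option definition.
    system-users = {
      username = mail-reader-dn;
      description = "Used by the mail server to connect to LDAP for auth.";
      # NOTE(review): the secret's target-file path is passed at evaluation
      # time; if hash-ldap-passwd reads the file contents during evaluation,
      # the hash (and any intermediate) may end up in the world-readable Nix
      # store — confirm it only references the path at activation time.
      ldap-hashed-password =
        pkgs.lib.fudo.passwd.hash-ldap-passwd secrets.mail-reader-passwd.target-file;
    };

    mail-server = {
      enableContainer = true;
      monitoring = true;
      domain = domain-name;
      mail-hostname = "mail.${domain-name}";

      dovecot = {
        ldap = {
          # Bind DN is derived from the reader account name and the LDAP base
          # configured in fudo.auth.ldap; the bind password is read from the
          # deployed secret file at runtime rather than embedded in config.
          reader-dn = "cn=${mail-reader-dn},${config.fudo.auth.ldap.base}";
          reader-password-file = secrets.mail-reader-passwd.target-file;
          server-urls = cfg.ldap-server-urls;
        };
      };

      state-directory = cfg.state-directory;
      mail-directory = cfg.mail-directory;

      # Inbound malware scanning and outbound DKIM signing are both on.
      clamav.enable = true;
      dkim.signing = true;
    };
  };
}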