# NixOS module: wraps simple-nixos-mailserver behind `services.mailserver`,
# relays outgoing mail through an upstream smarthost, and requests an ACME
# certificate covering both the bare domain and its `mail.` host name.
{ lib, config, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.mailserver;

  # Host name the mail services answer on.
  mailFqdn = "mail.${cfg.domaine}";

  # Directory holding the certificate material for cfg.domaine.
  certDir = "/var/lib/acme/${cfg.domaine}";

  # Upstream module, pinned to one commit and checked against sha256, so an
  # archive that differs from the reviewed one fails evaluation. When bumping
  # the revision, update both occurrences in the URL and the hash together.
  snmSource = builtins.fetchTarball {
    url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz";
    sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63";
  };
in
{
  options.services.mailserver = {
    enable = mkEnableOption "Mail Server";

    # Mail domain; also used to derive the FQDN, the account address and the
    # certificate paths below.
    domaine = mkOption {
      type = types.str;
      example = "example.com";
      description = "Nom de domaine du serveur de mails";
    };
  };

  imports = [ snmSource ];

  config = mkIf cfg.enable {
    mailserver = {
      enable = true;
      fqdn = mailFqdn;
      domains = [ cfg.domaine ];

      # Login accounts. Generate a hash with `mkpasswd -m sha-512` and type the
      # password at the prompt; passing it as an argument leaves it in shell
      # history and in the process list.
      #
      # NOTE(review): a literal hash here is copied into the Nix store, which
      # is readable by every local user, and into any repository holding this
      # file. A SHA-512 crypt hash can be attacked offline, so prefer the
      # upstream `hashedPasswordFile` option pointing at a root-only file, and
      # treat this hash as disclosed if the file has been published.
      loginAccounts = {
        "paul@${cfg.domaine}" = {
          hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0";
        };
      };

      # Certificate setup: scheme 1 with explicit certificate and key paths.
      # The paths sit under /var/lib/acme/<domain>, matching the
      # security.acme.certs entry declared further down.
      certificateScheme = 1;
      certificateFile = "${certDir}/fullchain.pem";
      keyFile = "${certDir}/key.pem";

      # IMAP and POP3, each in two variants.
      # NOTE(review): presumably the non-"Ssl" options open the STARTTLS
      # listeners next to the implicit-TLS ones; confirm against the pinned
      # module and disable whichever protocols no client actually uses.
      enableImap = true;
      enableImapSsl = true;
      enablePop3 = true;
      enablePop3Ssl = true;

      # ManageSieve lets clients upload their own Sieve filter scripts.
      enableManageSieve = true;
    };

    # Outgoing mail goes through an upstream relay on the submission port,
    # presenting a TLS client certificate.
    services.postfix = {
      relayHost = "mailvps.nyanlout.re";
      relayPort = 587;

      config = {
        # mkForce makes these values win over any definition of the same
        # Postfix parameters made elsewhere in the configuration.
        # NOTE(review): both files live outside the Nix store and must be
        # provisioned out of band; keep the key readable only by the account
        # that needs it. Nothing in this module sets
        # `smtp_tls_security_level`; confirm the effective value enforces TLS
        # towards the relay.
        smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
        smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
      };
    };

    # One certificate for the bare domain plus the mail host name.
    security.acme.certs = {
      "${cfg.domaine}" = {
        extraDomainNames = [ mailFqdn ];

        # Make Dovecot pick up the renewed certificate.
        # NOTE(review): only dovecot2 is reloaded; if Postfix serves the same
        # certificate, check that it also picks up renewals promptly.
        postRun = ''
          systemctl reload dovecot2.service
        '';
      };
    };
  };
}