# NixOS module for the mail host: mailserver settings, the Roundcube webmail
# front end, and the agenix secrets both rely on.
{ config, ... }:
let
  # Host name used for the mail server itself and for the Roundcube vhost.
  mailHost = "taf.lyes.eu";
  # The single login account; all of @lyes.eu is aliased onto it below.
  primaryAddress = "lyes@mail.lyes.eu";
in
{
  mailserver = {
    enable = true;
    stateVersion = 3;
    fqdn = mailHost;
    domains = [ "lyes.eu" "mail.lyes.eu" ];
    localDnsResolver = false;
    # ManageSieve lets an authenticated client upload and replace filter
    # scripts, so the account password also controls how mail is filed.
    # NOTE(review): confirm the ManageSieve port is only reachable from where
    # it is actually needed.
    enableManageSieve = true;
    # debug.all = true;
    # ldap = {
    #   enable = true;
    #   uris = [ "ldaps://auth.lyes.eu:636" ];
    #   searchBase = "dc=auth,dc=lyes,dc=eu";
    #   searchScope = "sub";
    #   bind = {
    #     # dn = "dn=token,dc=auth,dc=lyes,dc=eu";
    #     dn = "dn=token";
    #     passwordFile = config.age.secrets.taf-token.path;
    #   };
    #   dovecot = {
    #     userFilter = "(name=%u)";
    #     passFilter = "(name=%u)";
    #   };
    #   postfix = {
    #     filter = "(name=%s)";
    #     mailAttribute = "mail";
    #     uidAttribute = "name";
    #   };
    # };

    loginAccounts.${primaryAddress} = {
      # Only the password hash is referenced, through an agenix-managed file.
      hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path;
      # Catch-all: every local part at lyes.eu is accepted for this account,
      # so the local part seen by the sieve script is chosen by the sender.
      aliases = [ "@lyes.eu" ];
      quota = "1T";
      # Files mail by recipient address. The script text is kept literal
      # (no Nix interpolation); ''$ and ''${ are Nix escapes for $ and ${.
      #
      # The folder name "INBOX.<name>" comes from capture ${1} of the regex,
      # i.e. the part of the local part before an optional "-suffix". The
      # pattern limits it to ASCII letters separated by single dots, which
      # keeps other characters out of the mailbox name. Because of the
      # catch-all alias and `fileinto :create`, any sender can still cause a
      # new folder to be created by picking a new local part.
      # NOTE(review): if "." is the mailbox hierarchy separator (the "INBOX."
      # prefix suggests so, confirm), a dotted local part creates nested
      # folders; an allow-list of folder names, or dropping :create for
      # unknown names, would bound this.
      # NOTE(review): the captured text keeps the sender's letter case, so
      # differently-cased local parts may end up in different folders.
      # The included "hiddensieve" script runs first; its content is not part
      # of this file.
      sieveScript = ''
        require ["include", "fileinto", "mailbox", "copy", "regex", "variables"];
        include :personal "hiddensieve";
        if address :is :domain "X-Original-To" "lyes.eu" {
          if address :localpart :regex "X-Original-To" "^(([a-zA-Z]+\\.)*([a-zA-Z]+))(-([a-zA-Z0-9_.\\-]*))?''$" {
            set "mbox_candidate" "INBOX.''${1}";
            fileinto :create "''${mbox_candidate}";
          } else {
            fileinto :create "INBOX.other";
          }
        } elsif address :is "X-Original-To" "lyes@mail.lyes.eu" {
          fileinto :create "INBOX";
        } else {
          fileinto :create "INBOX.other";
        }
      '';
    };

    # extraVirtualAliases = {
    #   "@lyes.eu" = "lyes@mail.lyes.eu";
    # };

    # TLS certificate is obtained through ACME via the nginx vhost.
    certificateScheme = "acme-nginx";
  };

  # services.dovecot2.extraConfig = ''
  #   userdb {
  #     driver = ldap
  #     auth_bind = yes
  #     # pass_attrs = uid=user
  #     pass_filter = (name=%u)
  #   }
  #   passdb {
  #     driver = ldap
  #     auth_bind = yes
  #     # pass_attrs = uid=user
  #     pass_filter = (name=%u)
  #   }
  # '';

  # Webmail. IMAP uses implicit TLS on 993 (ssl://); SMTP submission uses
  # STARTTLS on 587 (tls://) and authenticates with the credentials of the
  # logged-in webmail user (%u / %p), not with a shared service account.
  services.roundcube = {
    enable = true;
    hostName = mailHost;
    extraConfig = ''
      $config['imap_host'] = "ssl://${mailHost}:993";
      $config['smtp_host'] = "tls://${mailHost}";
      $config['smtp_port'] = 587;
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
  };

  # agenix secrets decrypted on this host.

  # NOTE(review): only referenced from the commented-out ldap block above;
  # while that block stays disabled no consumer of this token is visible in
  # this file, yet it is still decrypted here and owned by postfix.
  age.secrets.taf-token = {
    owner = "postfix";
    file = ../../../secrets/zora/services/taf-token.age;
  };

  # Password hash for the login account.
  # NOTE(review): confirm postfix really has to read this file; if the
  # consumer of hashedPasswordFile runs as another user, a narrower owner
  # would do.
  age.secrets.lyes-mail-passwd = {
    owner = "postfix";
    file = ../../../secrets/lyes/mail-passwd.age;
  };

  # Private sieve rules, placed where `include :personal "hiddensieve"` in
  # the account's script presumably resolves them.
  # NOTE(review): mode 660 also grants write access to the virtualMail user
  # and group; if the file is only ever read, a read-only mode is the
  # least-privilege choice. Confirm before tightening.
  age.secrets.lyes-hidden-sieve = {
    file = ../../../secrets/lyes/hidden-sieve.age;
    path = "/var/sieve/${primaryAddress}/scripts/hiddensieve.sieve";
    owner = "virtualMail";
    group = "virtualMail";
    mode = "660";
  };
}