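# NixOS module: outbound mail for the server through msmtp.
#
# Declares the `numbus.mail` options and, when enabled, configures:
#   - a sops-nix secret entry for the SMTP password,
#   - /etc/aliases so that mail for root reaches the user and admin addresses,
#   - the default msmtp account (host, port, credentials, transport security).
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.numbus.mail;

  # Translate the declared smtpEncryption choice into msmtp's two TLS switches.
  #   NONE     -> tls off                     (plaintext; credentials are exposed)
  #   TLS      -> tls on,  tls_starttls off   (TLS from the first byte, usually port 465)
  #   STARTTLS -> tls on,  tls_starttls on    (upgrade after connecting, usually port 587)
  useTls = cfg.smtpEncryption != "NONE";
  useStartTls = cfg.smtpEncryption == "STARTTLS";
in
{
  options.numbus.mail = {
    enable = mkEnableOption "Email sending functionality";

    userAddress = mkOption {
      description = "The address of the user this server will send emails to";
      type = types.str;
      example = "user@your-domain.com";
    };

    adminAddress = mkOption {
      description = "The address of the admin this server will send emails to";
      type = types.str;
      example = "admin@your-domain.com";
    };

    smtpUsername = mkOption {
      description = "The username/email that will be use to authenticate to the SMTP server";
      type = types.str;
      example = "your-smtp-enabled-address@your-domain.com";
    };

    # The option holds the location of the password file, never the password itself.
    smtpPasswordPath = mkOption {
      description = "The path to a file containing the password that will be use to authenticate to the SMTP server";
      type = types.path;
      example = /run/secrets/system/mail/smtpPassword;
    };

    fromAddress = mkOption {
      description = "This server will send emails from this address";
      type = types.str;
      default = "numbus-server-noreply@${config.numbus.services.domain}";
      example = "numbus-server-noreply@your-domain.com";
    };

    smtpServer = mkOption {
      description = "The SMTP server address your server will use to send emails";
      type = types.str;
      default = "smtp.gmail.com";
      example = "smtp.your-provider.com";
    };

    # The port default does not follow smtpEncryption: choosing "TLS" normally
    # means setting this to 465 as well.
    smtpPort = mkOption {
      description = "The SMTP port your server will connect to to send emails";
      type = types.port;
      default = 587;
      example = 587;
    };

    smtpEncryption = mkOption {
      description = "The encryption method for SMTP : NONE (NOT RECOMMENDED), TLS (port 465, also called SSL), or STARTTLS (port 587). 
STARTTLS is recommended.";
      type = types.enum [ "NONE" "TLS" "STARTTLS" ];
      default = "STARTTLS";
      example = "STARTTLS";
    };
  };

  config = mkIf cfg.enable {
    # Make a plaintext transport visible at every rebuild instead of leaving it
    # as a silent setting.
    warnings = optional (cfg.smtpEncryption == "NONE")
      "numbus.mail.smtpEncryption is set to NONE: the SMTP password and all message contents are sent unencrypted.";

    # Decrypted at activation by sops-nix; readable by numbus-admin only.
    # NOTE(review): smtpPasswordPath is not derived from this secret entry;
    # confirm that both refer to the same file.
    sops.secrets."smtpPassword" = {
      sopsFile = /etc/nixos/secrets/system/mail.yaml;
      owner = "numbus-admin";
      mode = "0600";
    };

    # Mail addressed to root is delivered to both configured recipients.
    # NOTE(review): mode 0440 leaves the file unreadable for "other"; confirm
    # that every account expected to send mail through msmtp can read it.
    environment.etc."aliases" = {
      mode = "0440";
      text = ''
        root: ${cfg.userAddress}, ${cfg.adminAddress}
      '';
    };

    programs.msmtp = {
      enable = true;

      defaults = {
        aliases = "/etc/aliases";
        timeout = 60;
        syslog = "on";
      };

      accounts.default = {
        auth = true;
        host = cfg.smtpServer;
        port = cfg.smtpPort;
        from = cfg.fromAddress;
        user = cfg.smtpUsername;
        # Previously hard-coded to STARTTLS, which made smtpEncryption a no-op.
        tls = useTls;
        tls_starttls = useStartTls;
        # toString keeps the location as a plain string. Interpolating a Nix
        # path value directly would copy the password file into the
        # world-readable Nix store at evaluation time.
        passwordeval = "${pkgs.coreutils}/bin/cat ${toString cfg.smtpPasswordPath}";
      };
    };
  };
}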