{ lib, ... }:

with lib;

{
  options.machine = {
    allowUnfree = mkOption {
      type = types.bool;
      description = ''
        Wether to allow the installation of unfree packages.
      '';
    };
    pkgs = mkOption {
      type = types.listOf types.str;
      description = ''
        The list of metapackages to be installed.
      '';
    };
    services = mkOption {
      type = types.listOf types.str;
      description = ''
        List of services to be enabled.
      '';
    };
    conffiles = mkOption {
      type = types.listOf types.str;
      description = ''
        List of configuration files to be enabled.
      '';
    };
    hostName = mkOption {
      type = types.str;
      description = ''
        The Machines HostName
      '';
    };
    secretPath = mkOption {
      type = types.str;
      default = (findFirst (elem: elem.prefix == "secretPath") { path = "/secret"; } builtins.nixPath).path;
      description = ''
        Path to you systems secret folder containing files with sensitive information.
      '';
    };
    administrators = mkOption {
      type = types.listOf types.attrs;
      description = ''
        List of administrative users.
      '';
    };
    domain = mkOption {
      type = types.str;
      default = "localhost";
      description = ''
        The Machines domain name.
      '';
    };
    mailAccounts = mkOption {
      type = types.listOf types.attrs;
      description = ''
        List of mail account user names.
      '';
    };
    vHosts = mkOption {
      type = types.listOf types.attrs;
      description = ''
        Domain - Service mappings for nginx vHost config.
      '';
    };
    desktop.wms = mkOption {
      type = types.listOf types.str;
      default = [];
      description = ''
        The list of wms to be enabled.
      '';
    };
  };
  imports = [(mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ])];
}