{ config, lib, ... }:

with lib;

let
  cfg = config.machine;
in {
  imports = [
    ../../options/mailman3/options.nix
  ];

  config.machine = rec {
    hostName = "CDServer";
    domain = "countdown-dresden.de";
    extraDomains = [ "iz-ev.de" "clubduererstrasse.de" ];
    administrators = [
      { name = "kevin"; id = 1337; }
      { name = "reinhold"; id= 1000; }
    ];
    mailAccounts = import "${cfg.secretPath}/mailAccounts.nix";
    allowUnfree = false;
    conffiles = [
      "etcvars"
      "security"
      "zsh"
    ];
    pkgs = [
      "base"
      "server"
    ];
    services = [
      "fail2ban"
      "gitea"
      "mailserver"
      "mariaDB"
      "nextcloud"
      "nginx"
      "openssh"
#      "cd-internes"
#      "docker"
    ];
    vHosts = (flatten (map (base: [
      { domain = base; service = "simple"; }
      { domain = "storage.${base}"; service = "nextcloud"; }
      { domain = "mail.${base}"; service = "mail"; }
      { domain = "git.${base}"; service = "gitea"; }
    ]) ([ domain ] ++ extraDomains)));
    firewall = {
      enable = true;
      allowPing = false;
      allowedUDPPorts = [ 22 80 443 ];
      allowedTCPPorts = [ 80 443 ];
    };
  };
  config.services.mailman3 = {
    enable = true;
    site_owner = "derped@ophanim.de";
    database = {
      type = "mysql";
      name = "mailman3";
      user = "mailman3";
      host = "localhost";
      port = 3306;
      passwordFile = "${cfg.secretPath}/mailman3_db";
    };
    mta = {
      lmtp_host = "mail.ophanim.de";
      smtp_host = "mail.ophanim.de";
      smtp_user = "mailman3";
      smtp_passFile = "${cfg.secretPath}/mailman3_mail";
    };
  };
}