{ config, lib, ... }:

with lib;

let
  mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
    description = "Configuration for the ${desc}";
    default = {};
    type = types.submodule {
      options = {
        enable = mkEnableOption desc // { default = defaultEnabled; };
      } // extraOpts;
    };
  };

  mkPortOption = default: mkOption {
    type = types.port;
    default = default;
    description = "Port for the service to listen on.";
  };

in {
  options.module = {
    domain = mkOption {
      type = types.str;
      default = "wateir.fr";
    };

    hostName = mkOption {
      type = types.str;
      default = "${config.networking.hostName}.${config.module.domain}";
      description = "Global FQDN for all hosted services.";
    };

    smtpServer = mkServiceOption {
      desc = "Mail Service with Environment Credentials";
      extraOpts = {
        username = lib.mkOption { type = lib.types.str; };
        password = lib.mkOption { type = lib.types.str; };

        host = lib.mkOption {
          type = types.str;
          default = "tls://smtp.purelymail.com";
        };

        port = lib.mkOption { type = lib.types.port; default = 465; };
      };
    };

    acme = mkServiceOption {
      desc = "ACME DNS Challenge";
    };

    tailscale = mkServiceOption {
      desc = "Tailscale VPN";
      defaultEnabled = true;
    };

    newt = mkServiceOption {
      desc = "Newt custom wireguard tunnel";
    };

    roundcube = mkServiceOption {
      desc = "Roundcube webapp";
      extraOpts = { port = mkPortOption 1984; };
    };

    vaultwarden = mkServiceOption {
      desc = "Vaultwarden password manager";
      extraOpts = {
        externalPort = mkPortOption 8000;
        internalPort = mkPortOption 8222;
      };
    };

    searxng = mkServiceOption {
      desc = "SearXNG meta-search engine";
      extraOpts = { port = mkPortOption 1692; };
    };
  };
}