{ config, pkgs, lib, ... }:

lib.mkIf config.module.roundcube.enable {
  age.secrets = {
    smtp_server = {
      file = ../secrets/smtp_server.age;
      owner = "roundcube";
      group = "roundcube";
      mode = "0400";
    };
    imap_server = {
      file = ../secrets/imap_server.age;
      owner = "roundcube";
      group = "roundcube";
      mode = "0400";
    };
  };


  services.roundcube = {
    enable = true;
    hostName = "mail.${config.module.domain}";

    plugins = [ "multiple_accounts" ];
    configureNginx = false;

    extraConfig = ''
      $config['default_host'] = trim(
        file_get_contents('${config.age.secrets.imap_server.path}')
      );
      $config['default_port'] = 993;
      $config['smtp_server'] = trim(
        file_get_contents('${config.age.secrets.smtp_server.path}')
      );
      $config['smtp_port'] = 465;
      $config['smtp_user'] = '%u';
      $config['smtp_pass'] = '%p';
    '';

  };

  systemd.services.nginx.serviceConfig.ProtectHome = false;
  users.groups.roundcube.members = [ "nginx" ];
}