{ config, lib, pkgs, ... }:

let
  quassel = pkgs.libsForQt5.callPackage ./package.nix {
    tag = "-core";

    client = false;
    monolithic = false;
    enableDaemon = true;

    withKDE = false;
  };
in
{
  disabledModules =
    [ "services/networking/quassel.nix" ];
  imports = [ ./quassel.nix ];

  services.quassel = {
    enable = true;
    package = quassel;
    openFirewall = true;
    extraGroups = [ "acme" ];
    settings = {
      listen = [ "178.63.224.10" "2a01:4f8:231:56a::10" ];
      dataDir = "/var/lib/quassel";
      useDeclarativeConfig = true;
      db = {
        backend = "postgresql";
      };
      metrics.enable = true;
      logLevel = "Debug";
      ssl = {
        required = true;
        certFile = "/var/lib/acme/cocaine.farm/cert.pem";
        keyFile = "/var/lib/acme/cocaine.farm/key.pem";
      };
      auth = {
        authenticator = "LDAP";
        ldap = {
          hostname = "ldap://10.10.0.1";
          port = 389;
          bindDN = "cn=quassel,ou=users,dc=quassel,dc=vapor,dc=systems";
          baseDN = "dc=quassel,dc=vapor,dc=systems";
          filter = "(objectClass=inetOrgPerson)";
          uidAttribute = "cn";
        };
      };
    };
    environmentFile = "/etc/secrets/quassel-ldap";
  };

  secrets = {
    quasselLdap = {
      source = ../../secrets/authentik/quassel;
      dest = "/etc/secrets/quassel-ldap";
    };
  };

  security.acme.certs = {
    "cocaine.farm" = {
      reloadServices = [ "quassel" ];
    };
  };
}