# Site-level wiring for the database services: declares the enable switch and
# the certificate defaults option, then, when enabled, configures MariaDB,
# OpenLDAP, PostgreSQL and Redis from values held in `myconfig.env`.
#
# NOTE(review): every bind password, `rootPw` and `credentials.root` below is
# read from `myconfig.env` at evaluation time. Whether those values stay out of
# the world-readable Nix store depends on how the consuming modules write them
# to disk; that is not visible from this file, so confirm it there.
{ lib, config, myconfig, nodes, ... }:
let
  cfg = config.myServices.databases;
  env = myconfig.env;

  # LDAP server coordinates shared by every bind configuration below.
  ldapServer = { inherit (env.ldap) host base; };

  # One bind identity is used for replication by both MariaDB and PostgreSQL,
  # so rotating or revoking it affects both services at once.
  replicationLdap = ldapServer // { inherit (env.ldap.eldiron) dn password; };

  # Address entry for a replication peer: main IPv4 wrapped in a list, main
  # IPv6 passed through exactly as stored in the environment.
  replicationPeer = server: {
    ip4 = [ server.ips.main.ip4 ];
    ip6 = server.ips.main.ip6;
  };
in
{
  options.myServices.databases.enable =
    lib.mkEnableOption "my databases service";

  # No `type` or `default` is declared here, so the module system does not
  # validate the value, and reading the option while it is undefined aborts
  # evaluation.
  options.myServices.databasesCerts = lib.mkOption {
    description = "Default databases configurations for certificates as accepted by acme";
  };

  # Rebinds `postgresql` for the whole package set, not only for the server:
  # anything that refers to `postgresql` through this nixpkgs instance gets the
  # custom 11 build.
  # NOTE(review): PostgreSQL 11 left upstream support in November 2023. Confirm
  # that `postgresql_11_custom` carries the security fixes needed, or plan the
  # major-version upgrade.
  config.nixpkgs.overlays = lib.mkIf cfg.enable [
    (self: super: {
      postgresql = self.postgresql_11_custom;
    })
  ];

  config.myServices.databases = lib.mkIf cfg.enable {
    redis.enable = true;

    mariadb = {
      enable = true;
      credentials.root = env.databases.mysql.systemUsers.root;
      # PAM lookups bind with a dedicated DN and filter, separate from the
      # replication identity.
      ldapConfig = ldapServer // {
        inherit (env.databases.mysql.pam) dn filter password;
      };
      replicationLdapConfig = replicationLdap;
    };

    openldap = {
      enable = true;
      baseDn = env.ldap.base;
      rootDn = env.ldap.root_dn;
      rootPw = env.ldap.root_pw;
      # NOTE(review): if `myconfig.privateFiles` is a Nix path value rather
      # than a string, this interpolation copies that directory into the Nix
      # store, where it is readable by every local user. Confirm which it is.
      accessFile = "${myconfig.privateFiles}/ldap.conf";
    };

    postgresql = {
      enable = true;
      ldapConfig = ldapServer // {
        inherit (env.databases.postgresql.pam) dn filter password;
      };
      replicationLdapConfig = replicationLdap;

      # Address allow-lists. Presumably turned into host-based access rules by
      # the PostgreSQL module; verify there how a missing `ip6` is treated,
      # since immaeEu lists IPv4 addresses only.
      authorizedHosts = {
        immaeEu = [
          {
            ip4 = [
              env.servers.immaeEu.ips.main.ip4
              env.servers.immaeEu.ips.alt.ip4
            ];
          }
        ];
      };

      # Peers permitted to replicate. Keep this list limited to the backup
      # hosts that need it.
      replicationHosts = {
        backup-1 = replicationPeer env.servers.backup-1;
        backup-2 = replicationPeer env.servers.backup-2;
      };
    };
  };
}