# NixOS module for the webmail virtual host (mail.immae.eu).
#
# It wires two PHP webmail front-ends, Roundcube and RainLoop, into the shared
# "tools" Apache environment, each behind its own PHP-FPM pool. The per-app
# details (Apache snippets, pool settings, secrets, activation scripts) come
# from ./roundcubemail.nix and ./rainloop.nix, which are not visible here.
{ lib, pkgs, config, ... }:
let
  emailCfg = config.myServices.websites.tools.email;
  fpmPools = config.services.phpfpm.pools;

  # Per-application helper sets; this module reads their .apache, .phpFpm,
  # .activationScript and (Roundcube only) .keys attributes.
  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
    inherit config;
    inherit (pkgs.webapps) roundcubemail;
    env = config.myEnv.tools.roundcubemail;
  };
  rainloop = pkgs.callPackage ./rainloop.nix {
    rainloop = pkgs.rainloop-community;
  };
in
{
  # NixOS imports cannot depend on config, so ./mta-sts.nix is loaded whether
  # or not the option below is enabled; any gating must happen in that file.
  imports = [ ./mta-sts.nix ];

  options.myServices.websites.tools.email = {
    enable = lib.mkEnableOption "enable email website";
  };

  config = lib.mkIf emailCfg.enable {
    # Secret material required by Roundcube. Owner and mode are decided in
    # ./roundcubemail.nix. NOTE(review): confirm they are readable only by the
    # identity that runs the Roundcube pool.
    secrets.keys = roundcubemail.keys;

    services.websites.env.tools = {
      modules =
        [ "proxy_fcgi" ]
        ++ rainloop.apache.modules
        ++ roundcubemail.apache.modules;

      vhostConfs.mail = {
        certName = "mail";
        addToCerts = true;
        hosts = [ "mail.immae.eu" ];
        root = ./www;
        extraConfig = [
          # Each application contributes its own snippet, pointed at the
          # socket of its own FPM pool.
          (rainloop.apache.vhostConf fpmPools.rainloop.socket)
          (roundcubemail.apache.vhostConf fpmPools.roundcubemail.socket)
          # Open access with directory listings disabled.
          # NOTE(review): the literal is kept exactly as found, on one line
          # with no enclosing container. Confirm which path these directives
          # are meant to cover, and that no line breaks or wrapper were lost.
          '' Require all granted Options -Indexes ''
        ];
      };
    };

    # Soft-order each FPM unit after the dependencies its application declares
    # ("wants" + "after": pulled in and ordered, but not a hard requirement).
    systemd.services.phpfpm-rainloop = {
      wants = rainloop.phpFpm.serviceDeps;
      after = lib.mkAfter rainloop.phpFpm.serviceDeps;
    };
    systemd.services.phpfpm-roundcubemail = {
      wants = roundcubemail.phpFpm.serviceDeps;
      after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
    };

    # NOTE(review): both pools run as wwwrun:wwwrun, so the two webmail
    # applications are not isolated from each other at the OS level. Code
    # execution in one has the same file permissions as the other, including
    # anything readable by wwwrun. A dedicated user per pool would narrow
    # that. It would also need matching ownership of the secrets and state
    # directories, which are defined outside this file.
    #
    # NOTE(review): pkgs.php72 is PHP 7.2, which no longer receives upstream
    # security fixes. Plan a move to a maintained PHP once both applications
    # support it.
    services.phpfpm.pools = {
      rainloop = {
        user = "wwwrun";
        group = "wwwrun";
        phpPackage = pkgs.php72;
        settings = rainloop.phpFpm.pool;
      };

      roundcubemail = {
        user = "wwwrun";
        group = "wwwrun";
        # Global PHP options plus a fixed timezone for this pool.
        phpOptions = config.services.phpfpm.phpOptions + '' date.timezone = 'CET' '';
        # The PHP build's default extensions plus imagick.
        phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [ all.imagick ]);
        settings = roundcubemail.phpFpm.pool;
      };
    };

    # Activation scripts run with root privileges on every system switch.
    # Their content lives in the per-app files. NOTE(review): check that any
    # directories they create get restrictive ownership and modes.
    system.activationScripts.rainloop = rainloop.activationScript;
    system.activationScripts.roundcubemail = roundcubemail.activationScript;
  };
}