{ pkgs, lib, config, ... }:
let inherit (config.users) groups;
    domain = "sourcephile.fr";
in
{
# Extra group for the public-inbox HTTP daemon.
# NOTE(review): presumably this gives httpd read access to the gitolite
# repositories declared under `config.coderepo`
# (/var/lib/gitolite/repositories/*.git) — confirm the group ownership there.
# Group membership is coarse: httpd can then read every repository that is
# readable by "git-daemon", not only the ones listed as coderepo entries.
systemd.services.public-inbox-httpd.serviceConfig = {
  SupplementaryGroups = [ groups."git-daemon".name ];
};
# public-inbox instance: HTTP mounts, NNTPS endpoint and its TLS material,
# one inbox per mailing list, and the code repositories linked from them.
# Every message delivered to an inbox below is archived and published.
services.public-inbox = {
  enable = true;
  path = with pkgs; [ /*spamassassin*/ ];
  #mda.args = [ "--no-precheck" ];
  # Spam checking is set to null for both delivery paths (mda and watch), and
  # spamassassin is commented out of `path` above, so nothing in this file
  # filters mail before it is archived.
  # NOTE(review): confirm that filtering happens upstream (e.g. at the MTA);
  # otherwise spam sent to these addresses is republished over HTTPS and NNTPS.
  mda.spamCheck = null;
  watch.spamCheck = null;

  # Public base URLs under which the HTTP daemon is mounted.
  http.mounts = [
    "https://mails.${domain}/inbox"
    "https://public-inbox.${domain}/inbox"
  ];
  # "match=domain": per public-inbox-config(5), the listing shows only the
  # inboxes whose `url` belongs to the domain of the HTTP request.
  # NOTE(review): every inbox `url` below uses mails.${domain}, so the listing
  # served under public-inbox.${domain} is presumably empty — confirm.
  wwwListing = "match=domain";
  config.publicinbox = {
    css = [ "href=https://mails.${domain}/style/light.css" ];
  };

  nntpServer = [ "nntps://news.${domain}" ];
  # TLS certificate and private key are read from the ACME state directory of
  # ${domain}; the acme group is added so that nntpd can read them.
  # NOTE(review): this is group-wide read access — if other certificates are
  # owned by the same group, nntpd can presumably read their private keys too.
  # A dedicated group for this certificate would narrow that; confirm.
  nntp.cert = "/var/lib/acme/${domain}/fullchain.pem";
  nntp.key = "/var/lib/acme/${domain}/key.pem";
  nntp.extraGroups = [ groups.acme.name ];

  # Each inbox accepts mail on two addresses (NAME@ and public-inbox+NAME@) and
  # is exposed at `url` over HTTPS and as `newsgroup` over NNTPS.
  inboxes = {
    atelier = {
      address = [
        "atelier@${domain}"
        "public-inbox+atelier@${domain}"
      ];
      description = ''
        atelier@${domain} :
        discussions concernant le développement logiciel.
      '';
      url = "https://mails.${domain}/inbox/atelier";
      newsgroup = "inbox.comp.sourcephile.atelier";
      config.coderepo = [
        "sourcephile-txt"
        # TODO: list many source code repositories
      ];
    };
    bar = {
      address = [
        "bar@${domain}"
        "public-inbox+bar@${domain}"
      ];
      description = ''
        bar@${domain} :
        discussions concernant l'informatique en général.
      '';
      url = "https://mails.${domain}/inbox/bar";
      newsgroup = "inbox.comp.sourcephile.bar";
    };
    contact = {
      address = [
        "contact@${domain}"
        "public-inbox+contact@${domain}"
      ];
      description = ''
        contact@${domain} :
        discussions avec le grand public.
      '';
      url = "https://mails.${domain}/inbox/contact";
      newsgroup = "inbox.comp.sourcephile.contact";
      #config.coderepo = [ "sourcephile" ];
    };
    ecole = {
      address = [
        "ecole@${domain}"
        "public-inbox+ecole@${domain}"
      ];
      description = ''
        ecole@${domain} :
        discussions pour s'entraider en informatique.
      '';
      url = "https://mails.${domain}/inbox/ecole";
      newsgroup = "inbox.comp.sourcephile.ecole";
      config.coderepo = [ "sourcephile-txt" ];
    };
    environnement = {
      address = [
        "environnement@${domain}"
        "public-inbox+environnement@${domain}"
      ];
      description = ''
        environnement@${domain} :
        discussions sur les impacts environnementaux de l'informatique.
      '';
      url = "https://mails.${domain}/inbox/environnement";
      newsgroup = "inbox.comp.sourcephile.environnement";
      config.coderepo = [ "sourcephile-txt" ];
    };
    labo = {
      address = [
        "labo@${domain}"
        "public-inbox+labo@${domain}"
      ];
      description = ''
        labo@${domain} :
        discussions concernant la science de l'informatique.
      '';
      url = "https://mails.${domain}/inbox/labo";
      newsgroup = "inbox.comp.sourcephile.labo";
      config.coderepo = [
        "sourcephile-txt"
        # TODO: list many source code repositories
      ];
    };
    machines = {
      address = [
        "machines@${domain}"
        "public-inbox+machines@${domain}"
      ];
      description = ''
        machines@${domain} :
        discussions concernant l'administration technique de l'infrastructure informatique.
      '';
      url = "https://mails.${domain}/inbox/machines";
      newsgroup = "inbox.comp.sourcephile.machines";
      config.coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
    };
    pont = {
      address = [
        "pont@${domain}"
        "public-inbox+pont@${domain}"
      ];
      description = ''
        pont@${domain} :
        discussions à l'attention de l'ensemble des personnes à bord.
      '';
      url = "https://mails.${domain}/inbox/pont";
      newsgroup = "inbox.comp.sourcephile.pont";
      config.coderepo = [ "sourcephile-txt" ];
    };
    test = {
      address = [
        "test@${domain}"
        "public-inbox+test@${domain}"
      ];
      description = ''
        test@${domain} :
        une cible de test pour effectuer des tirs de mails.
      '';
      url = "https://mails.${domain}/inbox/test";
      newsgroup = "inbox.comp.sourcephile.test";
      config = {
        # `hide` only removes this inbox from the WWW listing and the manifest.
        # It is not access control: the inbox still has a `url` and a
        # `newsgroup`, so test messages presumably remain reachable by anyone
        # who knows them — confirm before sending anything sensitive here.
        hide = [ "www" "manifest" ];
      };
    };
  };

  # Named code repositories referenced by the inboxes' `config.coderepo` lists:
  # `dir` is the on-disk gitolite repository, `cgitUrl` its public web view.
  config.coderepo = {
    sourcephile-txt = {
      dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
      cgitUrl = "https://code.${domain}/sourcephile-txt.git";
    };
    sourcephile-nix = {
      dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
      cgitUrl = "https://code.${domain}/sourcephile-nix.git";
    };
  };
};
# Hook run after the ${domain} certificate is (re)issued: `try-restart`
# restarts public-inbox-nntpd only if it is already running, so that it picks
# up the new certificate and key from /var/lib/acme/${domain}/.
security.acme.certs."${domain}".postRun =
  "systemctl try-restart public-inbox-nntpd";
# Accept inbound TCP 563 (NNTPS) and count the matching packets.
# The rule carries no source-address restriction, so the port is open to
# whatever traffic reaches the `net2fw` chain.
# NOTE(review): `net2fw` is defined outside this file — presumably the
# network-to-firewall input chain; confirm it exists in table `inet filter`.
networking.nftables = {
  ruleset = ''
    add rule inet filter net2fw tcp dport 563 counter accept comment "NNTPS"
  '';
};
# Start-up dependencies of nntpd on the ACME units for ${domain}.
# Both units are wanted, but nntpd is ordered only after the self-signed one,
# so it does not wait for the real certificate to be issued.
# NOTE(review): presumably nntpd may serve the self-signed placeholder until
# the certificate's postRun hook restarts it — confirm this is acceptable for
# NNTPS clients that verify the certificate.
systemd.services.public-inbox-nntpd =
  let
    selfSignedUnit = "acme-selfsigned-${domain}.service";
    issuedUnit = "acme-${domain}.service";
  in
  {
    after = [ selfSignedUnit ];
    wants = [ selfSignedUnit issuedUnit ];
  };
}