# SPDX-FileCopyrightText: V <v@unfathomable.blue>
# SPDX-FileCopyrightText: edef <edef@unfathomable.blue>
# SPDX-License-Identifier: OSL-3.0

{ pkgs, ... }:

{
  services.postfix = {
    # TODO(V): Set myorigin to $mydomain?

    # We accept mail to ourselves and to the apex
    destination = [ "$myhostname" "$mydomain" ];

    # TODO(V): Restrict authorized_submit_users to system users

    # TODO(V): Authenticate users
    networks = [
      # Defaults
      "127.0.0.1/32"
      "157.90.172.8/32"
      "10.102.120.0/32"
      "[::1]/128"
      "[2a01:4f8:1c0c:46a9::1:f93f]/128"
      "[fe80::9400:ff:feae:b407]/128"

      # Intranet
      "10.102.120.0/24"
    ];

    # Wait, why is this enabled here?
    recipientDelimiter = "+";

    # TODO(V): postscreen + DNSBLs
    # TODO(V): postgrey

    rootAlias = "v, edef";

    # TODO(V): Forward mails to root to both edef & V
    # TODO(V): Forward mails to postmaster to both edef & V
    # TODO(V): Add extra aliases (Alyssa has abuse, noc, security, hostmaster, usenet, news, webmaster, www, uucp, and ftp)
    # TODO(V): Add more notify_classes
  };

  systemd.user.paths.mail = {
    description = "New mail trigger";
    wantedBy = [ "paths.target" ];
    pathConfig.PathChanged = "/var/mail/%u/new";
    unitConfig.ConditionPathExists = "%h/.notmuch-config";
  };

  systemd.user.services.mail = {
    description = "New mail indexing";
    serviceConfig = {
      Type = "exec";
      ExecStart = "${pkgs.notmuch}/bin/notmuch new";
    };
  };
}