{ config, pkgs, ... }:

let

  outline = {
    hostname = "outline.${config.networking.domain}";
    mail = "outline@${config.networking.domain}";
  };

in {

  services.outline = {
    enable = true;
    publicUrl = "https://${outline.hostname}";
    storage.storageType = "local";
    defaultLanguage = "de_DE";

    smtp = {
      username = "outline";
      passwordFile = "/dev/null";
      fromEmail = outline.mail;
      replyEmail = config.services.outline.smtp.fromEmail;
      host = "localhost";
      secure = false;
      port = 25;
    };

    # oidcAuthentication = {
    #   authUrl = "https://${dex.hostname}/auth";
    #   tokenUrl = "https://${dex.hostname}/token";
    #   userinfoUrl = "https://${dex.hostname}/userinfo";
    #   clientId = "outline";
    #   clientSecretFile = (builtins.elemAt config.services.dex.settings.staticClients 0).secretFile;
    #   scopes = [ "openid" "email" "profile" ];
    #   usernameClaim = "preferred_username";
    #   displayName = "Dex";
    # };
  };

  security.acme.certs."${config.networking.domain}".extraDomainNames = [
    "outline.${config.networking.domain}"
  ];

  services.nginx.virtualHosts = {
    "outline.${config.networking.domain}" = {
      onlySSL = true;
      useACMEHost = config.networking.domain;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.services.outline.port}";
        proxyWebsockets = true;
        extraConfig = ''
          proxy_set_header X-Scheme $scheme;
        '';
      };
    };

  };
}