{ config, pkgs, ... }:

{
  # imports = [ ./dex.nix ];

  # environment.systemPackages = with pkgs; [
  #   openssl
  # ];

  services.outline = {

    enable = true;
    publicUrl = "https://outline.${config.networking.domain}";
    defaultLanguage = "de_DE";
    storage.storageType = "local";

    # smtp = {
    #   username = "kein_schlussstrich_hessen@systemli.org";
    #   passwordFile = "/var/custom-access/outline-smtp-password.txt";
    #   fromEmail = "kein_schlussstrich_hessen@systemli.org";
    #   replyEmail = config.services.outline.smtp.fromEmail;
    #   host = "mail.systemli.org";
    #   # secure = false;
    #   port = 465;
    # };

    smtp = {
      username = "outline";
      passwordFile = "/dev/null";
      fromEmail = "outline@${config.networking.domain}";
      replyEmail = config.services.outline.smtp.fromEmail;
      host = "localhost";
      secure = false;
      port = 25;
    };

    # oidcAuthentication = {
    #   authUrl = "https://${dex.hostname}/auth";
    #   tokenUrl = "https://${dex.hostname}/token";
    #   userinfoUrl = "https://${dex.hostname}/userinfo";
    #   clientId = "outline";
    #   clientSecretFile = (builtins.elemAt config.services.dex.settings.staticClients 0).secretFile;
    #   scopes = [ "openid" "email" "profile" ];
    #   usernameClaim = "preferred_username";
    #   displayName = "Dex";
    # };
  };

  security.acme.certs."${config.networking.domain}".extraDomainNames = [
    "outline.${config.networking.domain}"
  ];

  services.nginx.virtualHosts = {
    "outline.${config.networking.domain}" = {
      onlySSL = true;
      useACMEHost = config.networking.domain;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.services.outline.port}";
        proxyWebsockets = true;
        extraConfig = ''
          proxy_set_header X-Scheme $scheme;
        '';
      };
    };

  };
}