{ config, lib, dgn-lib, ... }:

let
  inherit (dgn-lib) setDefault;

  host = "docs.dgnum.eu";
in {
  services.outline = {
    enable = true;

    storage = {
      region = "garage";
      uploadBucketUrl = "https://s3.dgnum.eu";

      uploadBucketName = "outline-dgnum";
      accessKey = "GKb3aa6f6d6627204e8e53729c";
      secretKeyFile = config.age.secrets."outline-storage_secret_key_file".path;
    };

    smtp = {
      username = "web-services@infra.dgnum.eu";
      port = 465;
      host = "kurisu.lahfa.xyz";

      fromEmail = "docs@infra.dgnum.eu";
      replyEmail = "web-services@infra.dgnum.eu";
      passwordFile = config.age.secrets."outline-smtp_password_file".path;
    };

    redisUrl = "local";
    publicUrl = "https://${host}";

    oidcAuthentication = {
      clientId = "outline_dgn";
      authUrl = "https://sso.dgnum.eu/ui/oauth2";
      tokenUrl = "https://sso.dgnum.eu/oauth2/token";
      userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/outline_dgn/userinfo";
      displayName = "DGNum SSO";

      clientSecretFile =
        config.age.secrets."outline-oidc_client_secret_file".path;
    };

    defaultLanguage = "fr_FR";

    forceHttps = false;
    port = 3003;
  };

  services.nginx.virtualHosts.${host} = {
    enableACME = true;
    forceSSL = true;

    locations."/" = {
      proxyPass = "http://localhost:3003";
      proxyWebsockets = true;
    };
  };

  dgn-secrets.options = [
    (setDefault { owner = "outline"; }
      (builtins.filter (lib.hasPrefix "outline-") config.dgn-secrets.names))
  ];
}