{ config, ... }:

let
  host = "docs.dgnum.eu";
  port = 3003;
in
{
  services.outline = {
    enable = true;

    storage.storageType = "local";

    smtp = {
      username = "web-services@infra.dgnum.eu";
      port = 465;
      host = "kurisu.lahfa.xyz";

      fromEmail = "docs@infra.dgnum.eu";
      replyEmail = "web-services@infra.dgnum.eu";
      passwordFile = config.age.secrets."outline-smtp_password_file".path;
    };

    redisUrl = "local";
    publicUrl = "https://${host}";

    oidcAuthentication = {
      clientId = "outline_dgn";
      authUrl = "https://sso.dgnum.eu/ui/oauth2";
      tokenUrl = "https://sso.dgnum.eu/oauth2/token";
      userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/outline_dgn/userinfo";
      displayName = "DGNum SSO";

      clientSecretFile = config.age.secrets."outline-oidc_client_secret_file".path;
    };

    defaultLanguage = "fr_FR";

    forceHttps = false;
    inherit port;
  };

  dgn-web.simpleProxies.outline = {
    inherit host port;
    vhostConfig.locations."/robots.txt".return = ''200 "User-agent: *\nDisallow: /s/demarches-normaliennes/\n"'';
  };

  age-secrets.autoMatch = [ "outline" ];

  dgn-backups.jobs.outline.settings.paths = [ "/var/lib/outline" ];
  dgn-backups.postgresDatabases = [ "outline" ];
}