{ config, lib, ... }:

{
  config = {
    services.vikunja = {
      enable = true;
      frontendScheme = "https";
      frontendHostname = "vikunja.yggdrasil.li";
      settings = {
        service = {
          interface = lib.mkForce "[2a03:4000:52:ada:4:1::]:3456";
          enableregistration = false;
          publicurl = with config.services.vikunja; "${frontendScheme}://${frontendHostname}/";
        };

        mailer = {
          enabled = true;
          host = "mailsub.bouncy.email";
          port = 466;
          username = "vikunja";
          fromemail = "vikunja@bouncy.email";
          forcessl = true;
        };
      };
      database = {
        host = "/run/postgresql";
        type = "postgres";
      };
      environmentFiles = [
        config.sops.secrets."vikunja_env".path
      ];
    };

    sops.secrets."vikunja_env" = {
      format = "binary";
      sopsFile = ./vikunja_env;
    };

    services.postgresql = {
      ensureDatabases = [ "vikunja" ];
      ensureUsers = [
        {
          name = "vikunja";
          ensureDBOwnership = true;
          ensureClauses.login = true;
        }
      ];
    };

    systemd.services.vikunja = {
      serviceConfig = {
        User = "vikunja";
        Group = "vikunja";
      };
    };
  };
}