{ config, pkgs, lib, ... }:

let
  mail_config = (import ./config.nix { });

  ports = (import ../../ports.nix { });

  postfixCfg = config.services.postfix;
  rspamdCfg = config.services.rspamd;
  rspamdSocket = "rspamd.service";
in {

  services.rspamd = {
    enable = true;
    debug = mail_config.debug_mode;
    locals = {
      "milter_headers.conf" = {
        text = ''
          extended_spam_headers = yes;
        '';
      };
      "redis.conf" = {
        text = ''
          servers = "127.0.0.1:${toString ports.rspamd-redis}";
        '';
      };
      "classifier-bayes.conf" = {
        text = ''
          cache {
            backend = "redis";
          }
          min_learns = 5;
        '';
      };
      "dkim_signing.conf" = {
        text = ''
          # opendkim does this
          enabled = false;
        '';
      };
    };

    overrides = {
      "milter_headers.conf" = {
        text = ''
          extended_spam_headers = true;
        '';
      };
    };

    workers.rspamd_proxy = {
      type = "rspamd_proxy";
      bindSockets = [{
        socket = "/run/rspamd/rspamd-milter.sock";
        mode = "0664";
      }];
      count = 1;
      extraConfig = ''
        milter = yes;
        timeout = 120s;

        upstream "local" {
          default = yes;
          self_scan = yes;
        }
      '';
    };
    workers.controller = {
      type = "controller";
      count = 1;
      bindSockets = [{
        socket = "/run/rspamd/worker-controller.sock";
        mode = "0666";
      }];
      includes = [ ];
    };

  };

  services.redis.servers.rspamd = {
    enable = true;
    port = ports.rspamd-redis;
  };

  systemd.services.rspamd = {
    requires = [ "redis-rspamd.service" ];
    after = [ "redis-rspamd.service" ];
  };

  systemd.services.postfix = {
    after = [ rspamdSocket ];
    requires = [ rspamdSocket ];
  };

  users.extraUsers.${postfixCfg.user}.extraGroups = [ rspamdCfg.group ];
}