{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.home.roles.email;
in
{
  options.home.roles.email = {
    enable = mkEnableOption "Enable email with notmuch, mbsync, and msmtp";
  };

  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      isync      # provides mbsync for IMAP sync
      msmtp      # for SMTP sending
      notmuch    # email indexing and search
      openssl    # for certificate management
    ];

    # Ensure Mail directory exists
    home.file."Mail/.keep".text = "";

    # mbsync configuration
    home.file.".mbsyncrc".text = ''
      # IMAP Account Configuration
      IMAPAccount proton
      Host proton.johnogle.info
      Port 143
      User john@ogle.fyi
      PassCmd "${pkgs.rbw}/bin/rbw get proton.johnogle.info"
      TLSType STARTTLS
      AuthMechs PLAIN

      # Remote Storage
      IMAPStore proton-remote
      Account proton

      # Local Storage
      MaildirStore proton-local
      Path ~/Mail/
      Inbox ~/Mail/INBOX
      SubFolders Verbatim

      # Channel Configuration - Sync All
      Channel proton
      Far :proton-remote:
      Near :proton-local:
      Patterns *
      Create Both
      Expunge Both
      SyncState *
    '';

    # Notmuch configuration
    home.file.".notmuch-config".text = ''
      [database]
      path=${config.home.homeDirectory}/Mail

      [user]
      name=John Ogle
      primary_email=john@ogle.fyi

      [new]
      tags=unread;inbox;
      ignore=

      [search]
      exclude_tags=deleted;spam;

      [maildir]
      synchronize_flags=true
    '';

    # msmtp configuration
    home.file.".msmtprc".text = ''
      # Default settings
      defaults
      auth           plain
      tls            on
      tls_starttls   on
      tls_trust_file /etc/ssl/certs/ca-certificates.crt
      logfile        ${config.home.homeDirectory}/.msmtp.log

      # Proton mail account
      account        proton
      host           proton.johnogle.info
      port           25
      from           john@ogle.fyi
      user           john@ogle.fyi
      passwordeval   rbw get proton.johnogle.info

      # Set default account
      account default : proton
    '';

    # Systemd service for mail sync
    systemd.user.services.mbsync = {
      Unit = {
        Description = "Mailbox synchronization service";
        After = [ "network-online.target" ];
        Wants = [ "network-online.target" ];
      };
      Service = {
        Type = "oneshot";
        ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.isync}/bin/mbsync -a && ${pkgs.notmuch}/bin/notmuch new'";
        Environment = "PATH=${pkgs.rbw}/bin:${pkgs.coreutils}/bin";
        StandardOutput = "journal";
        StandardError = "journal";
      };
    };

    # Systemd timer for automatic sync
    systemd.user.timers.mbsync = {
      Unit = {
        Description = "Mailbox synchronization timer";
      };
      Timer = {
        OnBootSec = "2min";
        OnUnitActiveSec = "5min";
        Unit = "mbsync.service";
      };
      Install = {
        WantedBy = [ "timers.target" ];
      };
    };
  };
}