# Host profile for the Indico instance served at events.federez.net.
#
# Enables the project-local Indico module, opens the web ports, declares the
# age-encrypted secrets the service needs, and registers its state for backup.
# Secret values never appear in this file: each one is handed to the service
# as the path of its decrypted file.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.indico;

  # Runtime path of the decrypted secret called `name`.
  secretPath = name: config.age.secrets.${name}.path;
in
{
  imports = [ ../modules/indico.nix ];

  # Only HTTP and HTTPS are opened in the firewall by this profile.
  # NOTE(review): whether port 80 redirects to HTTPS is decided by the imported
  # module's nginx setup, which is not visible here; confirm.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Encrypted secret files.
  # NOTE(review): no owner, group or mode is set, so the age module's defaults
  # apply (with agenix: root-owned, mode 0400). Confirm the Indico module reads
  # these files in a way that works with those defaults and does not require
  # loosening them.
  age.secrets.indico-ldap-bind-password.file = ../secrets/indico-ldap-bind-password.age;
  age.secrets.indico-mail-password.file = ../secrets/indico-mail-password.age;
  age.secrets.indico-secret-key.file = ../secrets/indico-secret-key.age;

  # Backup targets: the service state directory and one PostgreSQL database.
  # Assumes the database is named after the service user; verify against the
  # imported module.
  # NOTE(review): these backups will contain user data; confirm the backup
  # module encrypts them at rest and in transit.
  backups.directories = [ cfg.stateDir ];
  backups.postgresqlDatabases = [ cfg.user ];

  services.indico.enable = true;
  services.indico.nginx.domain = "events.federez.net";

  # Outgoing mail addresses and SMTP relay account.
  # NOTE(review): no SMTP port or TLS option is set here, so transport security
  # for the SMTP login depends on the module's defaults; confirm.
  services.indico.email.noReply = "indico@federez.net";
  services.indico.email.support = "admin@federez.net";
  services.indico.email.publicSupport = "bureau@federez.net";
  services.indico.email.smtp.host = "dodecagon.federez.net";
  services.indico.email.smtp.login = "indico";
  services.indico.email.smtp.passwordFile = secretPath "indico-mail-password";

  # Directory lookups go over LDAPS and bind as a dedicated service account.
  # NOTE(review): certificate verification is not configured here; confirm the
  # module keeps it enabled.
  services.indico.ldap.uri = "ldaps://ldap.federez.net";
  services.indico.ldap.bindDN = "cn=indico,ou=service-users,dc=federez,dc=net";
  services.indico.ldap.bindPasswordFile = secretPath "indico-ldap-bind-password";

  # The user filter matches every inetOrgPerson under userBaseDN.
  # NOTE(review): presumably any such entry can log in; confirm that this is
  # the intended population and that disabled accounts are excluded upstream.
  services.indico.ldap.userBaseDN = "cn=Utilisateurs,dc=federez,dc=net";
  services.indico.ldap.userFilter = "(objectClass=inetOrgPerson)";

  # Groups are posixGroup entries identified by their cn.
  services.indico.ldap.groupBaseDN = "ou=posix,ou=groups,dc=federez,dc=net";
  services.indico.ldap.groupFilter = "(objectClass=posixGroup)";
  services.indico.ldap.memberOf = "manualMemberOf";
  services.indico.ldap.gid = "cn";

  # Presumably Indico's application secret key; rotating it is expected to
  # invalidate whatever it signs. Confirm against the module.
  services.indico.secretKeyFile = secretPath "indico-secret-key";
}