{ config, lib, fp, ... }:

let
  # Shorthand for the bridge's option set.
  # NOTE(review): `cfg` is not referenced anywhere else in this file; drop the
  # binding if it stays unused.
  cfg = config.services.mx-puppet-discord;
in
{
  # Dedicated group for access to Matrix appservice registration files. In this
  # file it is the group of the rendered discord-registration.yaml and a
  # supplementary group of the mx-puppet-discord unit.
  users.groups = {
    keys-matrix-registrations = { };
  };

  # Appservice tokens for the Discord bridge, both read from the same
  # sops-encrypted file. They are referenced through sops placeholders in the
  # discord-registration.yaml template.
  # NOTE(review): no owner/group/mode is set on the secrets themselves, so the
  # sops-nix defaults apply to the decrypted files - confirm that is intended.
  sops.secrets = {
    # as_token: presented by the bridge when it calls the homeserver.
    "matrix/discord/as_token" = {
      key = "discord/as_token";
      sopsFile = fp /secrets/bicep/matrix.yaml;
    };
    # hs_token: presented by the homeserver when it calls the bridge.
    "matrix/discord/hs_token" = {
      key = "discord/hs_token";
      sopsFile = fp /secrets/bicep/matrix.yaml;
    };
  };

  # Appservice registration for the Discord bridge, rendered by sops-nix so
  # that the two tokens are substituted from the decrypted secrets instead of
  # being written out as literals in this file.
  sops.templates."discord-registration.yaml" = {
    # Synapse loads this file through app_service_config_files, so it owns it.
    owner = config.users.users.matrix-synapse.name;
    # NOTE(review): no `mode` is set. If the sops-nix template default is
    # owner-only (0400 - confirm), members of this group get no read access
    # and the SupplementaryGroups entry on mx-puppet-discord has no effect.
    # Decide whether the bridge must read this file and set `mode` explicitly.
    group = config.users.groups.keys-matrix-registrations.name;
    # The string below is emitted as the YAML registration. Points worth
    # knowing when reviewing it:
    #  - the `exclusive: true` namespaces reserve @_discordpuppet_* user IDs
    #    and #_discordpuppet_* aliases for this appservice;
    #  - `url` is plain HTTP, but to localhost, so the hs_token Synapse sends
    #    to the bridge stays on this host;
    #  - `rate_limited: false` exempts the appservice from rate limiting.
    content = ''
      as_token: "${config.sops.placeholder."matrix/discord/as_token"}"
      hs_token: "${config.sops.placeholder."matrix/discord/hs_token"}"
      id: discord-puppet
      namespaces:
        users:
          - exclusive: true
            regex: '@_discordpuppet_.*'
        rooms: []
        aliases:
          - exclusive: true
            regex: '#_discordpuppet_.*'
      protocols: []
      rate_limited: false
      sender_localpart: _discordpuppet_bot
      url: 'http://localhost:8434'
      de.sorunome.msc2409.push_ephemeral: true
    '';
  };

  # Run the bridge with the registrations group as a supplementary group, i.e.
  # the group that discord-registration.yaml is assigned to.
  # NOTE(review): group membership only helps if that file is group-readable;
  # check the effective mode of the rendered template.
  systemd.services.mx-puppet-discord.serviceConfig.SupplementaryGroups =
    [ config.users.groups.keys-matrix-registrations.name ];


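  # Enable and configure the mx-puppet-discord bridge.
  services.mx-puppet-discord.enable = true;
  services.mx-puppet-discord.settings = {
    bridge = {
      # Listen on the loopback name only; the registration points Synapse at
      # http://localhost:8434, so no external listener is needed.
      bindAddress = "localhost";
      domain = "pvv.ntnu.no";
      homeserverUrl = "https://matrix.pvv.ntnu.no";
    };
    # Allow-list entries are regular expressions over Matrix IDs. They are
    # anchored with ^ and $ so that an entry matches exactly the listed ID:
    # if the bridge applies these patterns unanchored, "@user:example\\.org"
    # would also accept an ID on a longer server name that merely starts with
    # "example.org". The anchors are harmless if matching is already anchored.
    provisioning.whitelist = [
      "^@dandellion:dodsorf\\.as$"
      "^@danio:pvv\\.ntnu\\.no$"
    ];
    # NOTE(review): ".*" matches every Matrix ID, so relay is open to any user
    # who can reach the bridge - confirm this is deliberate.
    relay.whitelist = [ ".*" ];
    selfService.whitelist = [
      "^@danio:pvv\\.ntnu\\.no$"
      "^@dandellion:dodsorf\\.as$"
    ];
  };
  # Units the bridge service depends on; the exact ordering semantics come
  # from the mx-puppet-discord module, which is not shown here.
  services.mx-puppet-discord.serviceDependencies = [
    "matrix-synapse.target"
    "nginx.service"
  ];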


  # Register the bridge with Synapse by pointing it at the rendered
  # registration file (a runtime path provided by sops-nix).
  services.matrix-synapse-next.settings.app_service_config_files =
    [ config.sops.templates."discord-registration.yaml".path ];

  # With this enabled Synapse also sends the appservice token in the
  # `access_token` query parameter of its requests to application services,
  # where it can end up in request logs. The registration URL in this file is
  # loopback HTTP, which keeps that exposure on the local host.
  # NOTE(review): keep this only while the bridge cannot take the token from
  # the Authorization header.
  services.matrix-synapse-next.settings.use_appservice_legacy_authorization = true;

}