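# NixOS module: runs Proton Mail Bridge as a per-user systemd service and
# provisions the secret-storage backends it is given access to here
# (gnome-keyring, and pass backed by GnuPG).
#
# Option declarations live in ./options.nix; this file reads `enable`,
# `openFirewall`, `smtpPort` and `imapPort` from
# config.${namespace}.services.protonmail-bridge.
{ config, lib, pkgs, namespace, ... }:
with lib;
let
  cfg = config.${namespace}.services.protonmail-bridge;
in
{
  imports = [ ./options.nix ];

  config = mkIf cfg.enable {
    # Open the firewall for the bridge only when explicitly requested.
    # SMTP and IMAP are TCP protocols, so only TCP ports are opened; the
    # matching UDP ports were previously opened as well, which widened the
    # host's exposure for no benefit.
    # NOTE(review): the bridge is normally reached by a local mail client over
    # loopback. Confirm it is really meant to be reachable from other hosts
    # before enabling openFirewall.
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.smtpPort cfg.imapPort ];
    };

    # Install the bridge together with the credential-store tooling.
    environment.systemPackages = with pkgs; [
      protonmail-bridge
      gnome-keyring
      gnupg
      pass
    ];

    # systemd *user* unit: the bridge runs with the logged-in user's
    # privileges, started with that user's default.target.
    systemd.user.services.protonmail-bridge = {
      description = "Protonmail Bridge";
      enable = true;

      # %h is expanded by systemd to the user's home directory, so the GnuPG
      # home and the pass store resolve to per-user locations.
      environment = {
        GNUPGHOME = "%h/.gnupg";
        PASSWORD_STORE_DIR = "%h/.password-store";
      };

      script = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive";

      # Helpers placed on the unit's PATH for credential storage.
      path = with pkgs; [ gnome-keyring gnupg pass protonmail-bridge ];

      wantedBy = [ "default.target" ];
      # Ordering only: start after gpg-agent when both are being started.
      after = [ "gpg-agent.service" ];
    };

    # Enable gnome-keyring for password storage and let PAM hand it the login
    # password on the `login` service.
    # NOTE(review): only the `login` PAM service is wired up here; sessions
    # started through a display manager may need their own PAM entry. Verify.
    security.pam.services.login.enableGnomeKeyring = true;
    services.gnome.gnome-keyring.enable = true;

    # Configure gpg-agent (needed by pass).
    programs.gnupg.agent = {
      enable = true;
      # NOTE(review): SSH support is unrelated to the bridge and makes
      # gpg-agent act as the SSH agent for every user on the host. It is kept
      # for compatibility but set with mkDefault so a host configuration can
      # switch it off without mkForce.
      enableSSHSupport = mkDefault true;
    };
  };
}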