nix-config/modules/nixos/services/protonmail-bridge/default.nix

{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
let
  inherit (lib.${namespace}) mkOpt;
  name = "protonmail-bridge";
  cfg = config.${namespace}.services.${name};

  protonmailConfig = lib.${namespace}.mkModule {
    inherit config name;
    description = "protonmail bridge";
    options = {
      imapPort = mkOpt types.int 1025 "imap port";
      smtpPort = mkOpt types.int 1143 "smtp port";
    };
    moduleConfig = {
      # Open firewall for protonmail bridge if enabled
      networking.firewall = mkIf cfg.openFirewall {
        allowedTCPPorts = [
          cfg.smtpPort
          cfg.imapPort
        ];
        allowedUDPPorts = [
          cfg.smtpPort
          cfg.imapPort
        ];
      };

      # Install protonmail-bridge package
      environment.systemPackages = with pkgs; [
        protonmail-bridge
        gnome-keyring
        gnupg
        pass
      ];

      # Configure systemd user service for protonmail-bridge
      systemd.user.services.protonmail-bridge = {
        description = "Protonmail Bridge";
        enable = true;
        environment = {
          GNUPGHOME = "%h/.gnupg";
          PASSWORD_STORE_DIR = "%h/.password-store";
        };
        script = "${lib.getExe pkgs.protonmail-bridge} --noninteractive";
        path = with pkgs; [
          gnome-keyring
          gnupg
          pass
          protonmail-bridge
        ];
        wantedBy = [ "default.target" ];
        after = [ "gpg-agent.service" ];
      };

      # Configure gpg-agent
      programs.gnupg.agent = {
        enable = true;
        enableSSHSupport = true;
      };
    };
  };
in
{
  imports = [ protonmailConfig ];
}