{ pkgs, config, ... } @ args:

let cfg = config.libkookie.workstation.mail;
in
{
  # Might want to run mbsync manually
  environment.systemPackages = with pkgs; [ isync ];

  # Setup user to fetch mail
  users.users.mail-user = {
    createHome = true;
    inherit (cfg.access) group;
    home = "/var/lib/mail";
    isSystemUser = true;
  };

  systemd.services.isync = (import ./isync.nix) args;
  
  systemd.timers.isync = {
    timerConfig.Unit = "isync.service";
    timerConfig.OnCalendar = "*:0/5";
    timerConfig.Persistent = "true";
    after = [ "network-online.target" ];
    wantedBy = [ "timers.target" ];
  };

  # FIXME: this doesn't work and has never worked
  # This sudoers rule allows anyone in the wheel group to run this
  # particular command without a password. Make sure that 'startISync'
  # is present in a path (environment.systemPackages above)!
  # security.sudo.extraRules = [
  #   { commands = [ { command = "${startISync}/bin/start-isync";
  #                    options = [ "NOPASSWD" ]; } ];
  #     groups = [ "wheel" ];  }
  # ];
}