# NixOS module that enables the Bitwarden directory connector service and
# points it at the LDAP directory on account.skynet.ie.
# The service options themselves are declared in ./_bitwarden_sync_module.nix
# (not visible here); this file only supplies values and the agenix secrets.
{ pkgs, config, lib, ... }:
{
  imports = [
    ./_bitwarden_sync_module.nix
  ];

  # This module declares no options of its own.
  options = {};

  config = {
    # agenix-encrypted secrets; the decrypted paths are passed to the service
    # through `env` below.
    # NOTE(review): no owner/group/mode is set here, so agenix defaults apply.
    # Confirm the account the sync service runs as can read both files and
    # that nothing else can.
    age.secrets = {
      bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
      bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
    };

    services.bitwarden_directory_connector = {
      enable = true;
      # Presumably the Bitwarden server the connector syncs into; verify
      # against the module.
      domain = "https://pw.skynet.ie";
      package = pkgs.callPackage ./_bitwarden-directory-connector.nix {};

      ldap = {
        hostname = "account.skynet.ie";
        port = 389;
        ad = false;

        # NOTE(review): both ssl and startTls are off and the port is 389, so
        # the bind below (admin DN plus its password) appears to travel over
        # unencrypted LDAP. Confirm the path to account.skynet.ie is local or
        # otherwise protected, or enable startTls / LDAPS once the directory
        # server supports it.
        ssl = false;
        startTls = false;
        # Presumably only meaningful once ssl or startTls is enabled; keep it
        # false so certificate validation is not skipped when TLS is turned on.
        sslAllowUnauthorized = false;

        root = "dc=skynet,dc=ie";
        # NOTE(review): the connector binds as the directory admin. If the
        # sync only reads users and groups, a dedicated read-only bind DN
        # would limit what a leaked LDAP_ADMIN_PW exposes. TODO confirm.
        username = "cn=admin,dc=skynet,dc=ie";
        # Name of the environment variable holding the bind password; the
        # value is expected to come from the `env.ldap` secret file (confirm
        # in the module).
        pw_env = "LDAP_ADMIN_PW";
      };

      sync = {
        removeDisabled = true;
        overwriteExisting = false;
        largeImport = false;
        memberAttribute = "member";
        creationDateAttribute = "skCreated";
        emailPrefixSuffix = {
          enable = false;
        };

        users = {
          enable = true;
          path = "ou=users";
          objectClass = "inetOrgPerson";
          emailAttribute = "skMail";
          # Only members of skynet-committee or skynet-admins are matched.
          filter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))";
        };

        groups = {
          enable = true;
          path = "ou=groups";
          objectClass = "groupOfNames";
          nameAttribute = "cn";
          # NOTE(review): an empty filter presumably matches every group under
          # ou=groups. Confirm that syncing all group names and memberships
          # into Bitwarden is intended.
          filter = "";
        };
      };

      # Paths of the decrypted agenix secrets handed to the service.
      env = {
        bitwarden = config.age.secrets.bitwarden_sync_api.path;
        ldap = config.age.secrets.bitwarden_sync_ldap.path;
      };
    };
  };
}