# Host configuration for the Bitwarden Directory Connector sync.
#
# Imports the local service module, declares the two age-encrypted secrets the
# service needs, and sets the LDAP source plus the user/group sync options.
{
  pkgs,
  config,
  lib,
  ...
}: let
  # Shorthand for the decrypted-secret attribute set declared under `config` below.
  inherit (config.age) secrets;
in {
  imports = [
    ./_bitwarden_sync_module.nix
  ];

  options = {};

  config = {
    # Encrypted inputs. No owner/group/mode is set here, so the age module's
    # defaults apply; confirm the sync service's user can read the decrypted
    # files and nothing else can.
    age.secrets = {
      bitwarden_sync_api.file = ../../secrets/bitwarden/api.age;
      bitwarden_sync_ldap.file = ../../secrets/ldap/details.age;
    };

    services.bitwarden_directory_connector = {
      enable = true;
      package = pkgs.callPackage ./_bitwarden-directory-connector.nix {};

      # Bitwarden server that receives the synced directory entries.
      domain = "https://pw.skynet.ie";

      # Name of the environment variable expected to hold the LDAP bind
      # password; presumably supplied through the env.ldap file below.
      # Verify against ./_bitwarden_sync_module.nix.
      pw_env = "LDAP_ADMIN_PW";

      # The service is handed paths to the decrypted files, not the secret
      # values themselves, which keeps the values out of the world-readable
      # Nix store (assuming the age module's usual behaviour).
      env = {
        bitwarden = secrets.bitwarden_sync_api.path;
        ldap = secrets.bitwarden_sync_ldap.path;
      };

      ldap = {
        hostname = "account.skynet.ie";
        port = 389;
        ad = false;

        # NOTE(review): ssl and startTls are both off and the port is 389, so
        # as configured the bind credential and the directory data read back
        # would cross the network unencrypted. Confirm this link stays on a
        # trusted segment, or enable StartTLS/LDAPS on the server and here.
        ssl = false;
        startTls = false;
        # Keeps certificate validation strict; presumably only takes effect
        # once ssl or startTls is enabled.
        sslAllowUnauthorized = false;

        rootPath = "dc=skynet,dc=ie";
        # NOTE(review): binds as the directory admin DN, while the sync options
        # below only describe reading users and groups. A dedicated read-only
        # bind account would limit the damage if this credential leaks.
        username = "cn=admin,dc=skynet,dc=ie";
      };

      sync = {
        # Presumably removes Bitwarden access for entries the directory marks
        # as disabled; confirm against the connector's documentation.
        removeDisabled = true;
        overwriteExisting = false;
        largeImport = false;

        memberAttribute = "member";
        creationDateAttribute = "skCreated";

        users = true;
        userPath = "ou=users";
        userObjectClass = "inetOrgPerson";
        userEmailAttribute = "skMail";
        # Access boundary: only entries that are memberOf skynet-committee or
        # skynet-admins match. Changes to those two groups change who is synced.
        userFilter = "(|(memberOf=cn=skynet-committee,ou=groups,dc=skynet,dc=ie)(memberOf=cn=skynet-admins,ou=groups,dc=skynet,dc=ie))";

        groups = true;
        groupPath = "ou=groups";
        groupObjectClass = "groupOfNames";
        groupNameAttribute = "cn";
      };
    };
  };
}