# irc-public.nix - Public-facing IRC server configuration
{
  config,
  pkgs,
  ...
}: {
  services.ngircd = {
    enable = true;
    package = pkgs.ngircd.overrideAttrs (oldAttrs: {
      configureFlags = builtins.filter (f: f != "--with-pam") oldAttrs.configureFlags;
      buildInputs = builtins.filter (i: i != pkgs.pam) oldAttrs.buildInputs;
    });

    config = ''
      [Global]
      Name = irc.yourdomain.com
      Info = Community IRC Server
      AdminInfo1 = Your Name
      AdminInfo2 = Your Community Server
      AdminEMail = admin@yourdomain.com

      # Network and connection settings
      Listen = 0.0.0.0
      Ports = 6667
      MotdFile = /etc/ngircd/motd.txt

      # User limits
      MaxConnections = 500
      MaxConnectionsIP = 5
      MaxJoins = 10
      MaxNickLength = 16
      PingTimeout = 120
      PongTimeout = 20

      # DNS and ident
      DNS = yes

      [Limits]
      ConnectRetry = 60
      MaxPenaltyTime = -1

      [Options]
      AllowRemoteOper = no
      ChrootDir =
      CloakHost = %x
      CloakHostModeX = %x
      CloakHostSalt = your-random-salt-here
      CloakUserToNick = yes
      ConnectIPv4 = yes
      ConnectIPv6 = yes
      DefaultUserModes = i
      MorePrivacy = no
      NoticeBeforeRegistration = no
      OperCanUseMode = yes
      OperChanPAutoOp = yes
      OperServerMode = yes
      PredefChannelsOnly = no
      RequireAuthPing = no
      ScrubCTCP = no
      SyslogFacility = local1
      WebircPassword =

      [SSL]
      CAFile =
      CertFile = /etc/ngircd/ssl/server-cert.pem
      CipherList = HIGH:!aNULL:@STRENGTH
      DHFile = /etc/ngircd/ssl/dhparams.pem
      KeyFile = /etc/ngircd/ssl/server-key.pem
      Ports = 6697

      # Operator accounts (CHANGE THESE!)
      [Operator]
      Name = admin
      Password = change-this-password-hash
      Mask = *!*@*

      # Default channels
      [Channel]
      Name = #general
      Topic = General Discussion
      Modes = nt

      [Channel]
      Name = #announcements
      Topic = Server Announcements
      Modes = ntm

      [Channel]
      Name = #support
      Topic = Help and Support
      Modes = nt

      [Channel]
      Name = #offtopic
      Topic = Off Topic Chat
      Modes = nt
    '';
  };

  # Create MOTD file
  environment.etc."ngircd/motd.txt".text = ''
    ╔═══════════════════════════════════════════════════╗
    ║       Welcome to the Community IRC Server!        ║
    ╚═══════════════════════════════════════════════════╝

    Server Rules:
    1. Be respectful to all users
    2. No spam or flooding
    3. No harassment or hate speech
    4. Keep discussion appropriate for all ages
    5. Follow channel-specific rules

    Available channels:
    - #general      : General discussion
    - #announcements: Server announcements (moderated)
    - #support      : Help and support
    - #offtopic     : Off topic chat

    For help, type: /join #support

    Enjoy your stay!
  '';

  # Open firewall ports
  networking.firewall.allowedTCPPorts = [
    6667  # Plain IRC
    6697  # SSL IRC
  ];

  # Optional: Setup Let's Encrypt for SSL
  # Uncomment and configure if you want SSL support
  # security.acme = {
  #   acceptTerms = true;
  #   defaults.email = "admin@yourdomain.com";
  #   certs."irc.yourdomain.com" = {
  #     group = "ngircd";
  #     postRun = "systemctl reload ngircd.service";
  #   };
  # };

  # Optional: TheLounge web IRC client
  # Uncomment to enable web-based IRC access
  # services.thelounge = {
  #   enable = true;
  #   port = 9000;
  #   public = true;  # Allow registration
  #
  #   extraConfig = {
  #     reverseProxy = true;  # If behind nginx
  #
  #     defaults = {
  #       name = "Community IRC";
  #       host = "127.0.0.1";
  #       port = 6667;
  #       tls = false;
  #       rejectUnauthorized = false;
  #       join = "#general";
  #     };
  #   };
  # };
}