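# NixOS module: OpenLDAP, PostgreSQL, Samba (+ WS-Discovery) and cron.
# Most values below are sample placeholders (dc=example,dc=com, "username",
# "groupname", the "pass" root password) and must be replaced before this
# host is reachable by anyone else.
{ pkgs, config, lib, inputs, ...}:
{
  # figure out how this works
  services.openldap = {
    enable = true;

    /* enable plain connections only */
    # NOTE(review): over plain ldap:// a simple bind sends the password
    # unencrypted, and "ldap:///" listens on every interface. Bind to
    # localhost only, or add ldaps:// / StartTLS, before opening the port.
    urlList = [ "ldap:///" ];

    settings = {
      attrs = {
        olcLogLevel = "conns config";
      };

      children = {
        "cn=schema".includes = [
          "${pkgs.openldap}/etc/schema/core.ldif"
          "${pkgs.openldap}/etc/schema/cosine.ldif"
          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
        ];

        "olcDatabase={1}mdb".attrs = {
          objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

          olcDatabase = "{1}mdb";
          olcDbDirectory = "/var/lib/openldap/data";

          olcSuffix = "dc=example,dc=com";

          /* your admin account, do not use writeText on a production system */
          # pkgs.writeText places the password in the Nix store, which every
          # local user can read, and "pass" is a sample value. Point .path at
          # a root-owned file outside the store that holds a hashed password.
          olcRootDN = "cn=admin,dc=example,dc=com";
          olcRootPW.path = pkgs.writeText "olcRootPW" "pass";

          olcAccess = [
            /* custom access rules for userPassword attributes */
            ''{0}to attrs=userPassword by self write by anonymous auth by * none''

            /* allow read on anything else */
            # NOTE(review): "by * read" includes anonymous clients, so the
            # whole tree except userPassword is readable without a bind.
            # Use "by users read" if entries should not be public.
            ''{1}to * by * read''
          ];
        };
      };
    };
  };

  # Enable all the old services on gullfoss
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "mydatabase" ];
    # mkOverride 10 replaces the module's default pg_hba.conf rules.
    # peer: a local-socket connection is accepted only when the OS account
    # name matches the database role. "trust" on this line would let any
    # local account connect as any role, including the postgres superuser.
    authentication = pkgs.lib.mkOverride 10 ''
      #type database  DBuser  auth-method
      local all       all     peer
    '';
  };

  # TODO: need to configure this
  services.samba = {
    enable = true;
    openFirewall = true;
    settings = {
      global = {
        "workgroup" = "WORKGROUP";
        "server string" = "smbnix";
        "netbios name" = "smbnix";
        "security" = "user";
        #"use sendfile" = "yes";
        #"max protocol" = "smb2";
        # note: localhost is the ipv6 localhost ::1
        # Kept on one line: a line break inside this value would split the
        # generated smb.conf parameter and drop the loopback entries.
        "hosts allow" = "192.168.0. 127.0.0.1 localhost";
        "hosts deny" = "0.0.0.0/0";
        "guest account" = "nobody";
        # Failed logins with an unknown user name are mapped to the guest
        # account instead of being rejected.
        "map to guest" = "bad user";
      };
      # NOTE(review): guest-writable share. Combined with "map to guest",
      # any host inside "hosts allow" can write here without credentials,
      # and files land as the forced user/group. Set "read only" = "yes" or
      # "guest ok" = "no" unless that is intended.
      "public" = {
        "path" = "/mnt/Shares/Public";
        "browseable" = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "username";
        "force group" = "groupname";
      };
      # Authenticated share; "username"/"groupname" are placeholders.
      "private" = {
        "path" = "/mnt/Shares/Private";
        "browseable" = "yes";
        "read only" = "no";
        "guest ok" = "no";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "username";
        "force group" = "groupname";
      };
    };
  };

  # WS-Discovery responder so the Samba host shows up on Windows clients.
  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
  };

  services.cron = {
    enable = true;
    systemCronJobs = [
      # Log under /var/log rather than /tmp: a root job appending to a
      # predictable name in a world-writable directory lets another local
      # user create that path first.
      "*/5 * * * *      root    date >> /var/log/cron.log"
    ];
  };
}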