{ config, lib, pkgs, ... }:
let
  cfg = config.mailserver;
in {
  assertions = lib.optionals cfg.ldap.enable [
    {
      assertion = cfg.loginAccounts == {};
      message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.loginAccounts";
    }
    {
      assertion = cfg.extraVirtualAliases == {};
      message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases";
    }
    {
      assertion = cfg.forwards == {};
      message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.forwards";
    }
  ] ++ lib.optionals (cfg.enable && cfg.certificateScheme != "acme") [
    {
      assertion = cfg.acmeCertificateName == cfg.fqdn;
      message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName";
    }
  ];
}