diff --git a/machines/Ophanim/options.nix b/machines/Ophanim/options.nix
index 4a0a7f0..1456973 100644
--- a/machines/Ophanim/options.nix
+++ b/machines/Ophanim/options.nix
@@ -11,6 +11,7 @@ with lib;
 config.machine = rec {
 hostName = "Ophanim";
 administrators = [ { name = "derped"; id = 1337; } ];
+ mailAccounts = [ "derped" "mailman3" ];
 domain = "ophanim.de";
 allowUnfree = true;
 conffiles = [
diff --git a/options/machine.nix b/options/machine.nix
index 6cf90d6..9fb3f1e 100644
--- a/options/machine.nix
+++ b/options/machine.nix
@@ -47,6 +47,12 @@ with lib;
 The Machines domain name.
 '';
 };
+ mailAccounts = mkOption {
+ type = types.listOf types.string;
+ description = ''
+ List of mail account user names.
+ '';
+ };
 vHosts = mkOption {
 type = types.listOf types.attrs;
 description = ''
diff --git a/services/mailserver.nix b/services/mailserver.nix
index 48d6b58..be0d798 100644
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
@@ -3,18 +3,19 @@ with lib;
 mkIf (elem "mailserver" config.machine.services) {
- mailserver = rec {
+ mailserver = let
+ mkUser = username: {
+ name = "${username}@${config.machine.domain}";
+ value = {
+ hashedPassword = (fileContents "/secret/${username}.mail");
+ };
+ };
+ in rec {
 enable = true;
 fqdn = "mail.${config.machine.domain}";
 domains = [ config.machine.domain ];
- loginAccounts = {
- "derped@${config.machine.domain}" = {
- hashedPassword = (fileContents /secret/derped.mail);
- };
- "mailman3@${config.machine.domain}" = {
- hashedPassword = (fileContents /secret/mailman3.mail);
- };
- };
+ loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);
+
 # Use Let's Encrypt certificates. Note that this needs to set up a stripped
 # down nginx and opens port 80.
 certificateScheme = 1;
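Review bot: The new `mailAccounts` option in options/machine.nix is typed `types.listOf types.string`, which accepts any string, yet services/mailserver.nix interpolates each entry into `/secret/${username}.mail` and into the account address. A pattern-restricted element type, for example `type = types.listOf (types.strMatching "[a-z0-9]+([._-][a-z0-9]+)*");`, would reject entries containing `/` or `..` before they reach the file read. Separately, `types.string` is deprecated in nixpkgs in favour of `types.str`. The description could also say that each name must have a matching `/secret/<name>.mail` hash file, since nothing else on the page documents that coupling. The enclosing options block starts and ends outside the hunk.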
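Review bot: In services/mailserver.nix, `mkUser` reads every hash with `fileContents` at evaluation time, so each `hashedPassword` value becomes part of the evaluated configuration. Depending on how the mailserver module renders accounts, it probably ends up in the world-readable Nix store. The removed path literals behaved the same way, but the helper now makes this the default for every account added to `mailAccounts`. If the mailserver module version in use offers a file-based option (current simple-nixos-mailserver has `hashedPasswordFile`), prefer `hashedPasswordFile = "/secret/${username}.mail";` so that only the path is evaluated and the hash stays out of the store. Otherwise add a comment above `mkUser` such as `# NOTE: hash is read at eval time and may land in the Nix store; keep /secret/*.mail root-only and treat the hashes as exposed to local users`. The `mailserver` attribute set continues past the end of the hunk.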