{ lib, config, pkgs, ... }:

{
  imports = [
    ./mailserver/default.nix
  ];

  mailserver = rec {
    enable = true;
    fqdn = "mail.ophanim.de";
    domains = [ "ophanim.de" ];
    loginAccounts = {
        "derped@ophanim.de" = {
            hashedPassword = (builtins.replaceStrings ["\n"] [""] (builtins.readFile /secret/derped.mail));
        };
    };
    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = 1;
    certificateFile = "/var/lib/acme/" + fqdn + "/fullchain.pem";
    keyFile = "/var/lib/acme/" + fqdn + "/key.pem";

    #dhParamBitLength = 4096; # this doesn't exist???

    # Enable IMAP and POP3
    enableImap = true;
    enablePop3 = true;
    enableImapSsl = true;
    enablePop3Ssl = true;

    # Enable the ManageSieve protocol
    enableManageSieve = true;

    # whether to scan inbound emails for viruses (note that this requires at least
    # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
    virusScanning = false;
  };
}