{ mailserver , ... }:
{
  imports = [
    mailserver
  ];

  mailserver = {
    enable = true;
    fqdn = "mail.sondell.org";
    domains = [ "sondell.org" ];

    # A list of all login accounts. To create the password hashes, use
    # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
    loginAccounts = {
      "admin@sondell.org" = {
        hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
        aliases = ["info@sondell.org"];
      };
    };

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = "acme-nginx";
  };

  # services.roundcube = {
  #    enable = true;
  #    # this is the url of the vhost, not necessarily the same as the fqdn of
  #    # the mailserver
  #    hostName = "webmail.sondell.org";
  #    extraConfig = ''
  #      # starttls needed for authentication, so the fqdn required to match
  #      # the certificate
  #      $config['smtp_server'] = "tls://${mailserver.fqdn}";
  #      $config['smtp_user'] = "%u";
  #      $config['smtp_pass'] = "%p";
  #    '';
  # };
  
}