{ config, pkgs, ... }:
let
  fqdn = "${config.networking.hostName}.${config.networking.domain}";
in{
  mailserver = {
    enable = true;
    fqdn = "mail.${fqdn}";
    domains = [ "${fqdn}" ];
    # A list of all login accounts. To create the password hashes, use
    # mkpasswd -m sha-512 "super secret password"
    loginAccounts = {
      "admin@${fqdn}" = {
        # nix-shell -p mkpasswd --run "mkpasswd -m sha-512 easypassword"
        hashedPassword = "$6$mwL/Pqv4WZHIP7j.$rU2inAQ8QCICBPCF5MiITptHcbZopBqwHYDudxBHun3zfnaAINqCDaeC/uq7CrzgNtDF2HbFEikz7GYNX6kXZ.";
        aliases = [
          "postmaster@${fqdn}"
          "webmaster@${fqdn}"
          "abuse@${fqdn}"
        ];
      };
    };
    # Extra virtual aliases. These are email addresses that are forwarded to
    # loginAccounts addresses.
    extraVirtualAliases = {
      # address = forward address;
      #"abuse@${fqdn}" = "postmaster@${fqdn}";
    };
    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = 3;
    # Enable IMAP and POP3
    enableImap = false;
    enableImapSsl = true;
    enableSubmission = false;
    enableSubmissionSsl = true;
    # Enable the ManageSieve protocol
    enableManageSieve = true;
    # whether to scan inbound emails for viruses (note that this requires at least
    # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
    virusScanning = false;
    localDnsResolver = false;
  };
}