{ config, lib, pkgs, ...}:

{
  mailserver = {
    enable = true;

    fqdn = "mail.vapor.systems";
    domains = [ "vapor.systems" ];

    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      # "user1@example.com" = {
      #   hashedPasswordFile = "/a/file/containing/a/hashed/password";
      #   aliases = ["postmaster@example.com"];
      # };
      # "user2@example.com" = { ... };
    };

    ldap = {
      enable = true;
      uris = [ "ldaps://ettves:636" ];

      bind = {
        dn = "cn=mail,ou=users,dc=mail,dc=vapor,dc=systems";
        passwordFile = "/etc/secrets/ldap";
      };

      searchBase = "dc=mail,dc=vapor,dc=systems";
    };

    certificateScheme = "acme";
  };

  secrets = {
    minecraft = {
      source = ../../secrets/authentik/mail;
      dest = "/etc/secrets/ldap";
    };
  };

  security.acme.certs = {
    "mail.vapor.systems" = { };
  };
}