{
  config,
  lib,
  self,
  ...
}:

let
  cfg = config.modules.services.mail;
  domains = [
    "h0lt.com"
    "jdholt.com"
    "jordanholt.xyz"
    "vimium.co"
    "vimium.com"
    "vimium.co.uk"
    "vimium.info"
    "vimium.net"
    "vimium.org"
    "vimium.xyz"
  ];
in
{
  options.modules.services.mail = {
    enable = lib.mkOption {
      default = false;
      example = true;
    };
  };

  imports = [
    self.inputs.nixos-mailserver.nixosModule
  ];

  config = lib.mkIf cfg.enable {
    services.roundcube = {
      enable = true;
      hostName = config.mailserver.fqdn;
      extraConfig = ''
        $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
      '';
      plugins = [ "contextmenu" ];
    };

    services.nginx.enable = true;

    networking.firewall.allowedTCPPorts = [
      80
      443
    ];

    mailserver = {
      enable = true;
      fqdn = "mail.vimium.com";
      domains = domains;
      indexDir = "/var/lib/dovecot/indices";

      certificateDomains = [
        "imap.vimium.com"
        "smtp.vimium.com"
      ];
      certificateScheme = "acme-nginx";

      fullTextSearch.enable = true;

      loginAccounts = {
        "jordan@vimium.com" = {
          hashedPasswordFile = config.users.users.jordan.hashedPasswordFile;
          catchAll = domains;
        };
      };

      extraVirtualAliases = {
        "hostmaster@vimium.com" = "jordan@vimium.com";
        "postmaster@vimium.com" = "jordan@vimium.com";
        "webmaster@vimium.com" = "jordan@vimium.com";
        "abuse@vimium.com" = "jordan@vimium.com";
      };
    };
  };
}