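# NixOS module for a single-account mail host: nixos-mailserver for SMTP/IMAP,
# Roundcube webmail served by nginx, and outbound delivery through an
# authenticated relay host.
{ inputs, config, ... }:

let
  # Each of these is turned into an "@domain" alias on the login account below.
  sendingDomains = [
    "jdholt.com"
    "vimium.com"
  ];

  # These are handed to the login account's `catchAll` below.
  receiveOnlyDomains = [
    "h0lt.com"
    "jordanholt.xyz"
    "vimium.co"
    "vimium.co.uk"
    "vimium.info"
    "vimium.net"
    "vimium.org"
    "vimium.xyz"
  ];

  # Full list of domains the mail server accepts mail for.
  allDomains = sendingDomains ++ receiveOnlyDomains;
in
{
  imports = [
    inputs.nixos-mailserver.nixosModule
  ];

  # age-encrypted secrets taken from the `secrets` flake input. The rest of this
  # module only ever refers to them through `config.age.secrets.<name>.path`, so
  # neither the relay credential nor the password hash is written in this file.
  age.secrets = {
    "files/services/postfix/sasl_passwd".file =
      "${inputs.secrets}/files/services/postfix/sasl_passwd.age";
    "passwords/users/jordan".file =
      "${inputs.secrets}/passwords/users/jordan.age";
  };

  services.roundcube = {
    enable = true;
    hostName = config.mailserver.fqdn;
    # "tls://" makes Roundcube use STARTTLS towards the SMTP server, addressed by
    # the server's FQDN so the name matches the certificate. %u / %p are replaced
    # by Roundcube with the logged-in user's own credentials, so no shared SMTP
    # password is stored in the webmail configuration.
    extraConfig = ''
      $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
    plugins = [ "contextmenu" ];
  };

  services.nginx.enable = true;

  # HTTP and HTTPS only; nothing else is opened from this file.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  mailserver = {
    enable = true;
    fqdn = "mail.vimium.com";
    domains = allDomains;
    indexDir = "/var/lib/dovecot/indices";
    # Extra host names to include on the server certificate.
    certificateDomains = [
      "imap.vimium.com"
      "smtp.vimium.com"
    ];
    certificateScheme = "acme-nginx";
    fullTextSearch.enable = true;

    loginAccounts = {
      "jordan@vimium.com" = {
        # Only the password hash is read, from the decrypted secret file.
        hashedPasswordFile = config.age.secrets."passwords/users/jordan".path;
        aliases = map (domain: "@" + domain) sendingDomains;
        catchAll = receiveOnlyDomains;
      };
    };
  };

  services.postfix.config = {
    # Square brackets: deliver to this host directly, without an MX lookup.
    relayhost = "[mail.smtp2go.com]:2525";
    smtp_sasl_auth_enable = "yes";
    smtp_sasl_password_maps = "texthash:${
      config.age.secrets."files/services/postfix/sasl_passwd".path
    }";
    # Plaintext SASL mechanisms (PLAIN/LOGIN) are refused on a session that is
    # not TLS-protected and allowed only once TLS is active, so the relay
    # credential is never sent in the clear if STARTTLS is missing from the
    # relay's response. In that case delivery is deferred instead.
    smtp_sasl_security_options = "noanonymous, noplaintext";
    smtp_sasl_tls_security_options = "noanonymous";
    # NOTE(review): the TLS level for this hop (smtp_tls_security_level) is not
    # set in this file - confirm that whatever sets it makes TLS mandatory for
    # the relay.
    smtp_destination_concurrency_limit = "20";
    # Raised well above Postfix's default header size limit (102400 bytes).
    header_size_limit = "4096000";
  };
}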