{ config, lib, pkgs, mailserver, ... }: 
{
  imports = [
    ./nginx
    mailserver.nixosModule
  ];

  config = lib.mkIf config.system.mailserver.enable {
    mailserver = {
      enable = true;
      domains = [
        "nixfox.ca"
        "bloxelcom.net"
        "freecorn1854.win"
        "lunamoonlight.xyz"
      ];
      fqdn = "mx.nixfox.ca";
      certificateScheme = "acme-nginx";
      localDnsResolver = false;
      redis.port = 1515;

      # Passwords made with 'mkpasswd -sm bcrypt'
      loginAccounts = {
        "jimbo@nixfox.ca" = {
          hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.mailHash.jimbo;
          aliases = [
            "james@nixfox.ca"
            "jimbo@bloxelcom.net"

            "bun@nixfox.ca"
            "bun@bloxelcom.net"
            "yara@nixfox.ca"

            "contact@nixfox.ca"
          ];
        };

        "luna@lunamoonlight.xyz" = {
          hashedPasswordFile = pkgs.writeText "luna" config.secrets.mailHash.luna;
          aliases = [
            "luna@bloxelcom.net"
            "contact@bloxelcom.net"
            "ibu@bloxelcom.net"
          ];
        };

        "contact@freecorn1854.win" = {
          hashedPasswordFile = pkgs.writeText "corn" config.secrets.mailHash.corn;
          aliases = [ "freecorn@bloxelcom.net" ];
        };

	# Noreply emails
        "noreply@nixfox.ca" = {
          hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.nixfoxNoReply;
          sendOnly = true;
        };
        "noreply@bloxelcom.net" = {
          hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.bloxelNoReply;
          sendOnly = true;
        };
      };
    };

    # Rspamd port from earlier to avoid overlap
    services.redis.servers.rspamd.port = config.mailserver.redis.port;

    environment.persistence."/persist".directories = [
      "/var/vmail"
      "/var/lib/dovecot"
      "/var/lib/postfix"
      "/var/lib/redis-rspamd"
    ];
  };
}