{ config, pkgs, lib, ... }: {
  imports = [
    (builtins.fetchTarball {
      url =
        "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
      sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
    })
  ];

  mailserver = {
    enable = true;
    fqdn = "mail.gaykraft.com";
    domains = [ "gaykraft.com" ];

    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -m sha-512 "super secret password"'
    loginAccounts = {
      "root@gaykraft.com" = {
        hashedPassword = lib.fileContents
          <secrets/mailserver/hashedPasswords/root_at_gaykraft.com>;
        #aliases = [
        #  "postmaster@gaykraft.com"
        #];
        # Make this user the catchAll address for domains
        catchAll = [ "gaykraft.com" ];
      };
    };

    # Extra virtual aliases. These are email addresses that are forwarded to
    # loginAccounts addresses.
    #extraVirtualAliases = {
    # address = forward address;
    #"abuse@example.com" = "user1@example.com";
    #};

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = 3;

    # Enable IMAP and POP3
    enableImap = true;
    enablePop3 = true;
    enableImapSsl = true;
    enablePop3Ssl = true;

    # Enable the ManageSieve protocol
    enableManageSieve = true;

    # whether to scan inbound emails for viruses (note that this requires at least
    # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
    virusScanning = false;
  };
}