diff --git a/configuration.nix b/configuration.nix
index 1e21412..0ec9d70 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -35,6 +35,7 @@ in {
 cloud-utils
 parted
 visualvm
+ mkpasswd
 linuxPackages.perf
 lshw
 pciutils
diff --git a/email.nix b/email.nix
new file mode 100644
index 0000000..3392f70
--- /dev/null
+++ b/email.nix
@@ -0,0 +1,29 @@
+{ ... }:
+let
+ root_host = "grimmauld.de";
+ mail_host = "mail.${root_host}";
+in {
+ security.acme.certs."${root_host}".extraDomainNames = [ mail_host ];
+
+
+ mailserver = {
+ enable = true;
+ fqdn = mail_host;
+ domains = [ root_host ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "contact@${root_host}" = {
+ hashedPasswordFile = ./mailpass/contact;
+ aliases = ["kontakt@${root_host}"];
+ };
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = "manual";
+ certificateFile = "/var/lib/acme/${root_host}/fullchain.pem";
+ keyFile = "/var/lib/acme/${root_host}/key.pem";
+ };
+}
diff --git a/flake.lock b/flake.lock
index ecdc1c4..1a269a4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,22 @@ "type": "github" } }, + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "darwin": { "inputs": { "nixpkgs": [
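Review bot: `hashedPasswordFile = ./mailpass/contact;` under `loginAccounts` in email.nix is a Nix path literal, so the hash file is copied into the world-readable `/nix/store` on the host, and the `mailpass/contact` hunk of this commit also puts it in the repository. agenix is already an input of this flake, so the hash could be stored as an encrypted secret and referenced as `hashedPasswordFile = config.age.secrets.<SECRET_NAME>.path;` (placeholder name; the module would then need `config` in its arguments instead of only `...`). The comment above `certificateScheme = "manual";` still describes a scheme that sets up nginx and opens port 80; I would replace it with `# Reuse the certificate that security.acme issues for ${root_host}; mail_host is added to it via extraDomainNames above.` Whether the mail daemons can read `key.pem` under `/var/lib/acme` and are reloaded after a renewal is not visible in this hunk and should be confirmed.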
@@ -43,6 +59,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -64,6 +96,29 @@ "type": "github" } }, + "nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_2", + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": "nixpkgs-23_05", + "utils": "utils" + }, + "locked": { + "lastModified": 1703666786, + "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=", + "ref": "refs/heads/master", + "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4", + "revCount": 575, + "type": "git", + "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver" + }, + "original": { + "type": "git", + "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver" + } + }, "nixos-matrix-modules": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -100,6 +155,36 @@ "type": "github" } }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-23_05": { + "locked": { + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, "nixpkgs-lib": { "locked": { "lastModified": 1673743903, 
@@ -116,6 +201,21 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1670751203, + "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1703438236, "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", @@ -134,8 +234,9 @@ "root": { "inputs": { "agenix": "agenix", + "nixos-mailserver": "nixos-mailserver", "nixos-matrix-modules": "nixos-matrix-modules", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" } }, "systems": { @@ -152,6 +253,21 @@ "repo": "default", "type": "github" } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root",
diff --git a/flake.nix b/flake.nix
index 496031e..48edca7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,9 +11,13 @@ url = "git+https://github.com/dali99/nixos-matrix-modules?submodules=1"; flake = true; }; + nixos-mailserver = { + url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver"; + flake = true; + }; }; - outputs = { nixos-matrix-modules, self, nixpkgs, agenix }: let + outputs = { nixos-mailserver, nixos-matrix-modules, self, nixpkgs, agenix }: let system = "x86_64-linux"; in { nixosConfigurations = {
@@ -25,7 +29,9 @@
 ./puffer.nix
 ./gitea.nix
 ./letsencrypt.nix
+ ./email.nix
 agenix.nixosModules.default
+ nixos-mailserver.nixosModules.default
 nixos-matrix-modules.nixosModules.default
 { environment.systemPackages = [ agenix.packages.${system}.default ]; }
 ];
diff --git a/letsencrypt.nix b/letsencrypt.nix
index 1b76da5..c1e5dc7 100644
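Review bot: The new `nixos-mailserver` input in flake.nix has no `ref`, so it tracks the upstream default branch (flake.lock records `refs/heads/master`), and each `nix flake update` pulls whatever is then on master of a module that configures the mail services on this host. Pinning it to a release branch or tag that matches the system's NixOS release, e.g. `url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=<RELEASE_BRANCH>";`, keeps updates deliberate. The input also brings three more nixpkgs revisions into flake.lock (`nixpkgs_2`, `nixpkgs-22_11`, `nixpkgs-23_05`); adding `inputs.nixpkgs.follows = "nixpkgs";` inside the `nixos-mailserver = { … }` block would at least drop the separate nixos-unstable pin. The enclosing `inputs` attribute set starts outside the hunk.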
--- a/letsencrypt.nix
+++ b/letsencrypt.nix
@@ -1,9 +1,7 @@ { lib, config, inputs, pkgs, ... }: let root_host = "grimmauld.de"; - - # git add --intent-to-add email.txt ; git update-index --assume-unchanged email.txt - root_email = (builtins.elemAt (lib.strings.match "[[:space:]]*([^[:space:]]+)[[:space:]]*" (builtins.readFile ./email.txt)) 0); + root_email = "contact@${root_host}"; in { security.acme = { acceptTerms = true;
diff --git a/mailpass/contact b/mailpass/contact
new file mode 100644
index 0000000..081b4b9
--- /dev/null
+++ b/mailpass/contact
@@ -0,0 +1 @@
+$2b$05$WsEwEXHa3kzDdMJdluirn.ExpK5BGJENEf3iH2AAjW6IFUPSpBWVa
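Review bot: `root_email = "contact@${root_host}";` points the ACME contact address at a mailbox that email.nix in this same commit hosts on this machine, served with the certificate that ACME itself issues. If `root_email` ends up as the ACME account e-mail (the `security.acme` block that presumably consumes it continues outside the hunk), a notice from the CA about a failing renewal would be sent to a server that may be unable to accept mail because of that same failure. I would either keep an off-host contact address here or add a comment such as `# NOTE: this mailbox is hosted on this machine; monitor certificate renewal separately.`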
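Review bot: The `$2b$05$` prefix of the value added in mailpass/contact indicates bcrypt with a cost factor of 5, which is well below the commonly recommended 10 or higher, and because the hash sits in the repository, anyone who can read the repository can test password guesses offline at little cost. I would regenerate it with a higher cost, e.g. through mkpasswd's `-R`/`--rounds` option, keep the new hash out of the repository, and change the account password, since this hash remains in the git history.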