{ ... }: 
let
  root_host = "grimmauld.de";
  mail_host = "mail.${root_host}";
in {
  security.acme.certs."${root_host}".extraDomainNames = [ mail_host ];


  mailserver = {
    enable = true;
    fqdn = mail_host;
    domains = [ root_host ];

    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      "contact@${root_host}" = {
        hashedPasswordFile = ./mailpass/contact;
        aliases = ["kontakt@${root_host}"];
      };
    };

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = "manual";
    certificateFile = "/var/lib/acme/${root_host}/fullchain.pem";
    keyFile = "/var/lib/acme/${root_host}/key.pem";
  };
}