selfprivacy-nixos-config/sp-modules/simple-nixos-mailserver/config.nix

{ config, lib, ... }:
let
  sp = config.selfprivacy;
in
{
  fileSystems =
    lib.mkIf (sp.modules.simple-nixos-mailserver.enable && sp.useBinds)
      {
        "/var/vmail" = {
          device = "/volumes/${sp.email.location}/vmail";
          options = [ "bind" ];
        };
        "/var/sieve" = {
          device = "/volumes/${sp.email.location}/sieve";
          options = [ "bind" ];
        };
      };

  users.users = lib.mkIf sp.modules.simple-nixos-mailserver.enable {
    virtualMail = {
      isNormalUser = false;
    };
  };

  selfprivacy.modules.simple-nixos-mailserver =
    lib.mkIf sp.modules.simple-nixos-mailserver.enable {
      fqdn = sp.domain;
      domains = [ sp.domain ];

      # A list of all login accounts. To create the password hashes, use
      # mkpasswd -m sha-512 "super secret password"
      loginAccounts = {
        "${sp.username}@${sp.domain}" = {
          hashedPassword = sp.hashedMasterPassword;
          sieveScript = ''
            require ["fileinto", "mailbox"];
            if header :contains "Chat-Version" "1.0"
            {
              fileinto :create "DeltaChat";
              stop;
            }
          '';
        };
      } // builtins.listToAttrs (builtins.map
        (user: {
          name = "${user.username}@${sp.domain}";
          value = {
            hashedPassword = user.hashedPassword;
            sieveScript = ''
              require ["fileinto", "mailbox"];
              if header :contains "Chat-Version" "1.0"
              {
                fileinto :create "DeltaChat";
                stop;
              }
            '';
          };
        })
        sp.users);

      extraVirtualAliases = {
        "admin@${sp.domain}" = "${sp.username}@${sp.domain}";
      };

      certificateScheme = "manual";
      certificateFile = "/var/lib/acme/${sp.domain}/fullchain.pem";
      keyFile = "/var/lib/acme/${sp.domain}/key.pem";

      # Enable IMAP and POP3
      enableImap = true;
      enableImapSsl = true;
      enablePop3 = false;
      enablePop3Ssl = false;
      dkimSelector = "selector";

      # Enable the ManageSieve protocol
      enableManageSieve = true;

      virusScanning = false;
    };
}