nix-cfg/hosts/vps1/services/mailserver.nix


# Mail server settings for this host: served domains, TLS material, login
# accounts, and the services to reload when the shared ACME certificate renews.
{ lib, config, data, ... }:
let
  rootDomain = data.host.rootDomain;
  mailDomain = data.services.mailserver.domain;
  gitDomain = data.services.git.domain;

  # Directory of the ACME certificate issued for rootDomain; the mail stack
  # reuses that certificate instead of requesting one for its own fqdn.
  certDir = config.security.acme.certs.${rootDomain}.directory;
in
{
  mailserver = {
    enable = true;
    fqdn = mailDomain;
    domains = [
      rootDomain
      mailDomain
      gitDomain
    ];

    # certificateScheme = "acme";
    # Cannot be used since it uses fqdn
    certificateScheme = "manual";
    # NOTE(review): the rootDomain certificate is presented for the mail fqdn,
    # so it presumably has to list that name as a SAN; otherwise clients that
    # verify the hostname will reject the connection. Confirm against the
    # security.acme.certs definition, which is not in this file.
    certificateFile = "${certDir}/fullchain.pem";
    # NOTE(review): the private key lives in the ACME state directory; check
    # that only the mail daemons' users/groups can read it.
    keyFile = "${certDir}/key.pem";

    # NOTE(review): enabling ManageSieve presumably exposes another
    # authenticated network service; confirm the firewall scope is intended.
    enableManageSieve = true;
    indexDir = "/var/lib/dovecot/indices";
    dkimKeyBits = 4096;

    # NOTE(review): the `$2b$05$` prefix on every hash below is bcrypt with a
    # cost factor of 5, which is cheap to brute-force offline. Because the
    # hashes are inline they are also stored in version control and in the
    # world-readable Nix store. Consider regenerating them with a higher cost
    # and supplying them through `hashedPasswordFile` from a secrets manager,
    # then rotating these passwords.
    loginAccounts = {
      "lgm@${rootDomain}" = {
        hashedPassword = "$2b$05$E18a4pSMfEmd.mfVGQEJe.JBTS3jxdf6yLDZdOQNIs9NrNMc5K.cK";
        # Role addresses (postmaster/abuse/admin) are delivered to this mailbox.
        aliases = [
          "lgmrszd@${rootDomain}"
          "postmaster@${rootDomain}"
          "abuse@${rootDomain}"
          "admin@${rootDomain}"
        ];
      };

      "forgejo@${rootDomain}" = {
        hashedPassword = "$2b$05$IlDxRGJ6vOUjDIq0hfCd3uIVLQw0oodRU1cG8pKueO1BgaIfpUYPS";
        # Catch-all: every address under gitDomain lands in this mailbox, so it
        # also receives any unsolicited mail sent to arbitrary local parts.
        aliases = [
          "@${gitDomain}"
        ];
      };

      # Submission-only account: it can send mail but has no mailbox.
      "auth@${rootDomain}" = {
        sendOnly = true;
        hashedPassword = "$2b$05$vqTJCReuUY61.Z1EwcwXnOlG98Cizpt1TGIJ76/WSHaiweAxPglp6";
      };
    };
  };

  # Reload the SMTP and IMAP daemons after renewal so they stop serving the
  # previous certificate.
  security.acme.certs.${rootDomain}.reloadServices = [
    "postfix.service"
    "dovecot2.service"
  ];
}