{ ... }:

{
  imports = [ ./mailserver-accounts.secret.nix ];

  # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
  mailserver = {
    enable = true;
    fqdn = "mail.pleshevski.ru";
    domains = [ "pleshevski.ru" ];

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = 3;

    hierarchySeparator = "/";
  };

  # required for certificateScheme = 3
  # TODO: Try to use traefik
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    defaultHTTPListenPort = 10080;
    defaultSSLListenPort = 10443;
  };

  networking.firewall.allowedTCPPorts = [ 10080 10443 ];
}