{ config, ... }:

let
  inherit (config.networking) ports;
in
{
  #sops.secrets."domain_key_jalr.de".owner = "rspamd";
  jalr = {
    mailserver = {
      enable = true;
      fqdn = "hha.jalr.de";
      relayPort = ports.postfix-relay.tcp;
      domains = [
        {
          domain = "jalr.de";
          enableDKIM = true;
        }
        {
          domain = "fablab-nea.de";
          enableDKIM = false;
        }
      ];
      users = import ../secrets/mail-users.nix;
      messageSizeLimit = 50 * 1024 * 1024;
    };
  };
  services.postfix = {
    config = {
      smtp_bind_address = "159.69.103.126";
      smtp_bind_address_enforce = true;
    };
    masterConfig.smtp.args = [
      "-o"
      "inet_protocols=ipv4"
    ];
  };
  services.nginx.virtualHosts."hha.jalr.de" = {
    enableACME = true;
    forceSSL = true;
  };
}