{ config, pkgs, ... }:
let
  mail_config = (import ./config.nix { config = config; });
  acmeRoot = "/var/lib/acme/acme-challenge";

in {
  services.nginx = {
    enable = true;
    virtualHosts."${mail_config.fqdn}" = {
      serverName = mail_config.fqdn;
      serverAliases = mail_config.domains;
      forceSSL = true;
      enableACME = true;
      acmeRoot = acmeRoot;
    };
  };

  security.acme.certs."${mail_config.fqdn}" = {
    reloadServices = [ "postfix.service" "dovecot2.service" ];
  };
}