{ pkgs, config, ... }:
{
  environment.systemPackages = with pkgs; [
    mailutils
    mutt
  ];

  services.postfix = {
    enable = true;
    settings.main.relayhost = [ "[smtp.gmail.com]:587" ];
    config = {
      smtp_use_tls = "yes";
      smtp_sasl_auth_enable = "yes";
      smtp_sasl_security_options = "";
      smtp_sasl_password_maps = "texthash:${config.sops.secrets.sasl_passwd.path}";
      # optional: Forward mails to root (e.g. from cron jobs, smartd)
      virtual_alias_maps = "inline:{ root=harald.hoyer@gmail.com, admin=harald.hoyer@gmail.com }";
    };
  };

  sops.secrets.sasl_passwd = {
    sopsFile = ../../../.secrets/sgx/relay.yaml; # bring your own password file
    owner = config.services.postfix.user;
  };

}