{ pkgs, lib, config, ... }:
{
  # email addresses git smudged
  mailserver = {
    enable = true;
    fqdn = "mx.surfsite.org";
    sendingFqdn = "mx.surfsite.org";
    domains = [
      "harald-hoyer.de"
      "hartwin-hoyer.de"
      "herward-hoyer.de"

      "hoyer.xyz"
      "nc.hoyer.xyz"
      "harald.hoyer.xyz"

      "varlink.org"
      "surfsite.org"
      "hoyer.social"
      "hoyer.world"
      "hoyer.photos"
      "harald.hoyer.photos"
      "hartwin.hoyer.photos"
      "mx.surfsite.org"
    ];

    extraVirtualAliases = {
      "znk@ublre.klm" = [
        "unenyq@ublre.klm"
        "zu@ublre.klm"
      ];

      "sryvk@ublre.klm" = [
        "unenyq@ublre.klm"
        "zu@ublre.klm"
      ];

      "zhu@ublre.klm" = [
        "unenyq@ublre.klm"
        "zu@ublre.klm"
      ];

      "xvpxre@fhesfvgr.bet" = [
        "unenyq@ublre.klm"
        "unegjva@ublre.klm"
      ];
    };
    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      "zu@ublre.klm" = {
        hashedPasswordFile = "/ubzr/unenyq/frpergf/zu@ublre.klm";
        aliases = [
          "zrvxr@unenyq-ublre.qr"
          "zrvxr@ublre.klm"
        ];
      };
      "nyrk@ublre.klm" = {
        hashedPasswordFile = "/home/hartwin/secrets/alex-mail";
        aliases = [
          "nyrk@unegjva-ublre.qr"
          "nyrk.ublre@unegjva-ublre.qr"
          "nyrk@fhesfvgr.bet"
          "nyrk.ublre@fhesfvgr.bet"
          "nyrknaqre@ublre.klm"
        ];
      };
      "wna@ublre.klm" = {
        hashedPasswordFile = "/home/hartwin/secrets/jan-mail";
        aliases = [
          "wna@unegjva-ublre.qr"
          "wna.ublre@unegjva-ublre.qr"
          "wna@fhesfvgr.bet"
          "wna.ublre@fhesfvgr.bet"
        ];
      };
      "unaanu@ublre.klm" = {
        hashedPasswordFile = "/home/hartwin/secrets/hannah-mail";
        aliases = [
          "unaanu@unegjva-ublre.qr"
          "unaanu.ublre@unegjva-ublre.qr"
          "unaanu@fhesfvgr.bet"
          "unaanu.ublre@fhesfvgr.bet"
        ];
      };
      "fgrssv@ublre.klm" = {
        hashedPasswordFile = "/home/hartwin/secrets/steffi-mail";
        aliases = [
          "fgrssv@fhesfvgr.bet"
          "fgrsnavrublre@fhesfvgr.bet"
          "fgrsnavr.ublre@fhesfvgr.bet"
          "fgrsnavr.ublre@ublre.klm"
          "fgrsnavr@ublre.klm"
        ];
      };
      "unegjva@ublre.klm" = {
        hashedPasswordFile = "/home/hartwin/secrets/hartwin-mail";
        aliases = [
          "unegjva.ublre@unegjva-ublre.qr"
          "znvy@unegjva-ublre.qr"
          "unegjva@unegjva-ublre.qr"
          "lbhghor@unegjva-ublre.qr"
          "unegjva@ap.ublre.klm"
          "unegjva@ublre.cubgbf"
          "jroznfgre@unegjva.ublre.cubgbf"
        ];
      };
      "uublre@urejneq-ublre.qr" = {
        hashedPasswordFile = "/home/hhoyer/secrets/hhoyer-mail";
        aliases = [
          "urejneq@urejneq-ublre.qr"
          "urejneq@if189018.ifreire.qr"
          "thn808@urejneq-ublre.qr"
          "znvy@urejneq-ublre.qr"
          "urejneq.ublre@urejneq-ublre.qr"
          "uublre@fhesfvgr.bet"
          "uublre@ublre.klm"
          "urejneq@ublre.klm"
          "urejneq@ap.ublre.klm"
        ];
      };
      "unenyq@ublre.klm" = {
        hashedPasswordFile = "/ubzr/unenyq/frpergf/unenyq@ublre.klm";
        aliases = [
          "unenyq@zk.fhesfvgr.bet"
          "ebbg@zk.fhesfvgr.bet"

          "nohfr@zk.fhesfvgr.bet"
          "nohfr@fhesfvgr.bet"
          "nohfr@unegjva-ublre.qr"
          "nohfr@urejneq-ublre.qr"
          "nohfr@ublre.klm"
          "nohfr@unenyq.ublre.klm"
          "nohfr@ineyvax.bet"
          "nohfr@ublre.fbpvny"
          "nohfr@ublre.jbeyq"
          "nohfr@ublre.cubgbf"

          "cbfgznfgre@zk.fhesfvgr.bet"
          "cbfgznfgre@fhesfvgr.bet"
          "cbfgznfgre@unegjva-ublre.qr"
          "cbfgznfgre@urejneq-ublre.qr"
          "cbfgznfgre@ublre.klm"
          "cbfgznfgre@unenyq.ublre.klm"
          "cbfgznfgre@ineyvax.bet"
          "cbfgznfgre@ublre.fbpvny"
          "cbfgznfgre@ublre.jbeyq"
          "cbfgznfgre@ublre.cubgbf"

          "jroznfgre@ublre.klm"
          "jroznfgre@fhesfvgr.bet"
          "jroznfgre@unenyq.ublre.klm"
          "jroznfgre@ineyvax.bet"
          "jroznfgre@ublre.fbpvny"
          "jroznfgre@ublre.jbeyq"
          "jroznfgre@ublre.cubgbf"
          "jroznfgre@unenyq.ublre.cubgbf"

          "nqzva@ublre.klm"
          "nqzva@unenyq.ublre.klm"
          "nqzva@ap.ublre.klm"
          "nqzva@zk.fhesfvgr.bet"
          "nqzva@ublre.fbpvny"
          "nqzva@ublre.jbeyq"
          "nqzva@ublre.cubgbf"

          "unenyq@fhesfvgr.bet"
          "unenyq@ublre.klm"
          "unenyq@ap.ublre.klm"
          "unenyq@ineyvax.bet"
          "unenyq@ublre.jbeyq"
          "unenyq@ublre.fbpvny"
          "unenyq@ublre.cubgbf"

          "@unenyq.ublre.klm"
          "@unenyq-ublre.qr"

          "cnlcny-unenyq@ublre.klm"
          "cubgb-unenyq@ublre.klm"

          "so@fhesfvgr.bet"
          "servshax@fhesfvgr.bet"
          "sop@fhesfvgr.bet"
          "zvar@fhesfvgr.bet"
          "ovgpbva@fhesfvgr.bet"
          "ovgpbva@ublre.klm"
          "ebhyrggr@fhesfvgr.bet"
          "tvguho@fhesfvgr.bet"
          "zhn@fhesfvgr.bet"
          "nyvrkcerff@fhesfvgr.bet"

          # Max
          "znk@ublre.klm"
          "znk.ublre@ublre.klm"
          "znkvzvyvna@ublre.klm"
          "znkvzvyvna.ublre@ublre.klm"

          # Felix
          "sryvk@ublre.klm"
          "sryvk.ublre@ublre.klm"
        ];
      };
    };
    certificateScheme = "acme";
  };

  services.roundcube = {
    enable = true;
    # this is the url of the vhost, not necessarily the same as the fqdn of
    # the mailserver
    hostName = "webmail.hoyer.xyz";
    extraConfig = ''
      # starttls needed for authentication, so the fqdn required to match
      # the certificate
      $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
  };
}