nixos-config/linux/singularity/mailserver.nix

{config, ...}:
with config.constants; let
  fqdn = "mail.${domain}";
  userSecret = "mail/${userName}/password";
  vaultwardenSecret = "mail/vaultwarden/password";
in {
  mailserver = {
    inherit fqdn;

    enable = true;
    domains = [domain];

    loginAccounts = {
      "${postMaster}" = {
        aliases = ["trivial@${domain}"];
        hashedPasswordFile = config.sops.secrets.${userSecret}.path;
      };
      ${config.services.vaultwarden.config.SMTP_FROM}.hashedPasswordFile = config.sops.secrets.${vaultwardenSecret}.path;
    };

    stateVersion = 3;
    x509.useACMEHost = config.mailserver.fqdn;
  };
  sops.secrets = {
    ${userSecret} = {};
    ${vaultwardenSecret} = {};
  };
}