{ inputs, config, ... }:
let
  floatingIPv4 = "78.47.245.200";
in
{
  imports = [
    ./disk-config.nix
    {
      _module.args.disks = [ "/dev/sda" ];
    }

    inputs.nixos-mailserver.nixosModules.mailserver

    ../common/servers
  ];

  time.timeZone = "Europe/Berlin";

  networking.hostName = "mail-01";
  networking.interfaces.enp1s0 = {
    ipv4.addresses = [
      {
        address = floatingIPv4;
        prefixLength = 32;
      }
    ];
  };
  networking.defaultGateway = {
    address = "172.31.1.1";
    interface = "enp1s0";
  };
  networking.nameservers = [ "8.8.8.8" ];

  sops.secrets.mail-password-lander = {
    owner = "root";
    group = "root";
    sopsFile = ./secrets.yaml;
  };

  sops.secrets.mail-password-authelia = {
    owner = "root";
    group = "root";
    sopsFile = ./secrets.yaml;
  };

  mailserver = {
    enable = true;
    fqdn = "mail.escapeangle.com";
    domains = [ "escapeangle.com" ];

    loginAccounts = {
      "lander@escapeangle.com" = {
        hashedPasswordFile = config.sops.secrets.mail-password-lander.path;

        aliases = [
          "postmaster@escapeangle.com"
        ];

        catchAll = [
          "escapeangle.com"
        ];
      };

      "authelia@escapeangle.com" = {
        hashedPasswordFile = config.sops.secrets.mail-password-authelia.path;
      };
    };

    extraVirtualAliases = {
      "abuse@escapeangle.com" = "lander@escapeangle.com";
    };

    certificateScheme = "acme-nginx";

    enableImap = true;
    enableImapSsl = true;

    enableManageSieve = true;

    virusScanning = true;
  };

  services.postfix.config = {
    "smtp_bind_address" = floatingIPv4;
  };

  security.acme.defaults.email = "landervandenbulcke@gmail.com";
  security.acme.acceptTerms = true;

  system.stateVersion = "24.11";
}