# NixOS host configuration for the mail VM "kaalut".
#
# The mail service is configured by the local services.mathebau-mail module;
# each served domain points at secrets that sops.secrets below declares.
let
  # Secrets consumed by the mail server all belong to its service account;
  # only the permission bits and the encrypted source file vary.
  stalwartSecret = mode: sopsFile: {
    inherit sopsFile mode;
    owner = "stalwart-mail";
    group = "stalwart-mail";
  };

  # Passwords: readable by the owning user only. With mode 0400 the group
  # assignment grants no additional access.
  credential = stalwartSecret "0400";

  # Virtual alias tables: readable by owner and group.
  aliasTable = stalwartSecret "0440";
in
{
  imports = [
    ./hardware-configuration.nix
    ../../modules/mail.nix
    ../../roles
    ../../roles/vm.nix
    ../../modules/vmNetwork.nix
  ];

  # Host identity and VM networking.
  networking.hostName = "kaalut";
  vmNetwork.ipv4 = "192.168.0.17";
  system.stateVersion = "24.05";

  # System configuration here
  services.mathebau-mail = {
    enable = true;
    # NOTE(review): every /run/secrets/<name> path below is expected to be the
    # decrypted file of the identically named sops.secrets entry in this file.
    # A typo here would not be caught by this file alone - confirm the names
    # stay in sync when adding a domain.
    domains = [
      # lists.mathebau.de is forwarded to another VM and does not need to be listed here.
      {
        # No virt_aliases file is configured for this domain.
        domain = "matheball.de";
        allowlistPass = "/run/secrets/allowlistPassMatheball";
      }
      {
        domain = "mathebau.de";
        allowlistPass = "/run/secrets/allowlistPassMathebau";
        virt_aliases = "/run/secrets/mathebau.aliases";
      }
      {
        domain = "mathechor.de";
        allowlistPass = "/run/secrets/allowlistPassMathechor";
        virt_aliases = "/run/secrets/mathechor.aliases";
      }
      {
        domain = "koma89.tu-darmstadt.de";
        allowlistPass = "/run/secrets/allowlistPassKoMa";
        virt_aliases = "/run/secrets/koma.aliases";
      }
    ];
  };

  sops.secrets = {
    # Password for the HRZ API that returns the list of mail addresses we serve.
    allowlistPassMatheball = credential ./allowlistPassMatheball.yaml;
    allowlistPassMathebau = credential ./allowlistPassMathebau.yaml;
    allowlistPassMathechor = credential ./allowlistPassMathechor.yaml;
    allowlistPassKoMa = credential ./allowlistPassKoMa.yaml;

    # Virtual alias files, one per domain that sets virt_aliases above.
    "mathebau.aliases" = aliasTable ./mathebau.aliases.yaml;
    "mathechor.aliases" = aliasTable ./mathechor.aliases.yaml;
    "koma.aliases" = aliasTable ./koma.aliases.yaml;

    # Password for the fallback administrator, see
    # https://stalw.art/docs/auth/authorization/administrator/#fallback-administrator
    stalwartAdmin = credential ./stalwartAdmin.yaml;

    # Backup key: owned by root rather than the mail service account, so the
    # mail server process cannot read it.
    backupKey = {
      sopsFile = ./backupKey.yaml;
      owner = "root";
      group = "root";
      mode = "0400";
    };
  };
}