{config, ...}: {
  imports = [
    ./hardware-configuration.nix
    ../../modules/mail.nix
    ../../roles
    ../../roles/vm.nix
    ../../modules/vmNetwork.nix
  ];

  # System configuration here
  services.mathebau-mail = {
    enable = true;
    # see passwd on azathoth for plaintext or machine secret in encoded format for HTTP Basic AUTH
    stalwartAdminHash = "$argon2i$v=19$m=4096,t=3,p=1$d0hYOTkzclpzSmFTZUplWnhVeWE$I7q9uB19RWL0oZKaPlMPSlGfFp6FQ/vrx80FFKCsalg";
    domains = [
      # lists.mathebau.de is forwarded to another VM and does not need to be listed here.
      {
        domain = "matheball.de";
        allowlistPass = config.sops.secrets."allowlistPass/matheball".path;
      }
      {
        domain = "mathebau.de";
        allowlistPass = config.sops.secrets."allowlistPass/mathebau".path;
        virt_aliases = config.sops.secrets."mathebau.aliases".path;
      }
      {
        domain = "mathechor.de";
        allowlistPass = config.sops.secrets."allowlistPass/mathechor".path;
        virt_aliases = config.sops.secrets."mathechor.aliases".path;
      }
      {
        domain = "koma89.tu-darmstadt.de";
        allowlistPass = config.sops.secrets."allowlistPass/koma".path;
        virt_aliases = config.sops.secrets."koma.aliases".path;
      }
    ];
  };

  networking.hostName = "kaalut";
  vmNetwork.ipv4 = "192.168.0.17";
  system.stateVersion = "24.05";

  sops.secrets = {
    # Virtual alias file
    "mathebau.aliases" = {
      sopsFile = ./mathebau.aliases.yaml;
      owner = "stalwart-mail";
      group = "stalwart-mail";
      mode = "0440";
    };
    "mathechor.aliases" = {
      sopsFile = ./mathechor.aliases.yaml;
      owner = "stalwart-mail";
      group = "stalwart-mail";
      mode = "0440";
    };
    "koma.aliases" = {
      sopsFile = ./koma.aliases.yaml;
      owner = "stalwart-mail";
      group = "stalwart-mail";
      mode = "0440";
    };
    backupKey = {
      sopsFile = ./backupKey.yaml;
      owner = "root";
      group = "root";
      mode = "0400";
    };
  };
}