nixos/modules/services/realmail.nix

{ config, pkgs, ... }: {
  imports = [
    (builtins.fetchTarball {
      # Pick a release version you are interested in and set its hash, e.g.
      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz";
      # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
      # release="nixos-25.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
      sha256 = "0jpp086m839dz6xh6kw5r8iq0cm4nd691zixzy6z11c4z2vf8v85";
    })
  ];

	mailserver = {
		enable = true;
		fqdn = "mail.hahn1.one";
		domains = [ "hahn1.one" ];

		# A list of all login accounts. To create the password hashes, use
		# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
		loginAccounts = {
			"jonas@hahn1.one" = {
				# mail4jonas
				hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C";
				aliases = ["postmaster@hahn1.one" "j@hahn1.one"];
			};
			"security@hahn1.one" = {
				# mail4jonas
				hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C";
				aliases = ["sec@hahn1.one"];
			};
			"christiane@hahn1.one" = {
				# mail4jonas
				hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
				aliases = ["ch@hahn1.one"];
			};
			"horst@hahn1.one" = {
				# mail4jonas
				hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
				aliases = ["ho@hahn1.one"];
			};
			"theo@hahn1.one" = {
				# mail4jonas
				hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
				aliases = ["th@hahn1.one"];
			};
		};

		# Use Let's Encrypt certificates. Note that this needs to set up a stripped
		# down nginx and opens port 80.
		certificateScheme = "acme-nginx";
	};
}