# Mail-server container definition, merged on top of the caller's `args`:
# Dovecot (IMAP, LMTP, ManageSieve), a dynamic-DNS updater and two getmail
# fetchers that deliver into the same Maildir Dovecot serves.
# NOTE(review): the attribute names (config, autoStart, bindMounts,
# privateNetwork, forwardPorts) look like a NixOS declarative container;
# confirm against the caller.
args@{ ... }:

let
  # Secrets file, read at evaluation time. Any value interpolated from it into
  # `pkgs.writeText` or an `environment.etc.*.text` option is copied into
  # /nix/store, which every local user and process can read.
  passwords = import ../../variables/passwords.crypt.nix;
  mailSecrets = passwords.email;
in
args // {
  autoStart = true;

  config = { pkgs, ... }: {
    imports = [
      ../profiles/containers/configuration.nix
      ../profiles/common/user.nix
    ];

    # The container's own firewall is off, so what is reachable from outside is
    # decided only by privateNetwork/forwardPorts at the end of this file.
    # NOTE(review): consider enabling it with just 993 and 4190 allowed, as
    # defence in depth.
    networking.firewall.enable = false;

    services.ddclientovh = {
      domain = "mailserver.svc.stefanjunker.de";
      enable = true;
    };

    services.dovecot2 = {
      enable = true;

      # Protocols and mail storage.
      enableImap = true;
      enableLmtp = true;
      protocols = [ "sieve" ];
      modules = [ pkgs.dovecot_pigeonhole ];
      mailLocation = "maildir:~/.maildir";

      # TLS material comes from the /etc/secrets bind mount, not from the store.
      sslServerCert = "/etc/secrets/server.pem";
      sslServerKey = "/etc/secrets/server.key";

      # NOTE(review): showPAMFailure returns the PAM failure message to the
      # client, i.e. to an unauthenticated peer; keep it only if a client
      # actually needs that text.
      enablePAM = true;
      showPAMFailure = true;

      #configFile = "/etc/dovecot/dovecot2_manual.conf";

      # Auth setup. NOTE(review): CRAM-MD5 and DIGEST-MD5 are challenge-response
      # mechanisms, so Dovecot must hold the plaintext password or a
      # mechanism-specific hash; entries stored under the default scheme=CRYPT
      # cannot be verified with them unless each entry carries its own
      # {SCHEME} prefix. The PAM passdb enabled above needs a plaintext
      # mechanism and is probably never reached with this list; confirm.
      # Both mechanisms are MD5-based legacy. Since IMAP is only forwarded as
      # IMAPS (993), PLAIN over TLS with a strong stored hash is the usual
      # alternative.
      # auth_verbose logs failed authentication attempts, which is the log
      # source to watch for password guessing against 993/4190.
      extraConfig = ''
        auth_mechanisms = cram-md5 digest-md5
        auth_verbose = yes
        passdb {
          driver = passwd-file
          args = scheme=CRYPT username_format=%u /etc/dovecot/users
        }
      '';
    };

    # Dovecot's passwd-file. The `text` option is realised as a store file, so
    # the credential from passwords.crypt.nix ends up world-readable in
    # /nix/store. NOTE(review): provisioning this file at runtime (for example
    # through the /etc/secrets bind mount) would keep it out of the store.
    environment.etc."dovecot/users" = {
      text = ''
        steveej:${mailSecrets.steveej}
      '';
    };

    # Fetcher 1: stays connected with IMAP IDLE on INBOX.
    # No Restart= is set, so the unit is not brought back if getmail exits.
    # NOTE(review): confirm that is intended; the web.de unit restarts always.
    systemd.services.steveej-getmail-stefanjunker = {
      description = "Getmail service";
      enable = true;
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.getmail ];
      serviceConfig = {
        User = "steveej";
        Group = "users";
      };
      script =
        let
          # writeText puts the rc file, including the upstream IMAP password,
          # into /nix/store in clear text. NOTE(review): same concern as the
          # Dovecot passwd-file; a runtime-provisioned rc file readable only
          # by the service user avoids it.
          rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
            [options]
            verbose = 1
            read_all = 0
            delete_after = 30
            [retriever]
            type = SimpleIMAPSSLRetriever
            server = ssl0.ovh.net
            port = 993
            username = mail@stefanjunker.de
            password = ${mailSecrets.mailStefanjunkerDe}
            mailboxes = ('INBOX',)
            [destination]
            type = Maildir
            path = ~/.maildir/
          '';
        in
        ''
          getmail --rcfile=${rc} --idle=INBOX
        '';
    };

    # Fetcher 2: one getmail run per start. Restart=always with RestartSec=900
    # makes systemd re-run it 900 s after each exit, which acts as the polling
    # interval.
    systemd.services.steveej-getmail-webde = {
      description = "Getmail service";
      enable = true;
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.getmail ];
      serviceConfig = {
        User = "steveej";
        Group = "users";
        Restart = "always";
        RestartSec = 900;
      };
      script =
        let
          # As above: the rc file and the password in it live in /nix/store.
          rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
            [options]
            verbose = 1
            read_all = 0
            delete_after = 30
            [retriever]
            type = SimpleIMAPSSLRetriever
            server = imap.web.de
            port = 993
            username = schtif
            password = ${mailSecrets.schtifATwebDe}
            mailboxes = ('INBOX',)
            [destination]
            type = Maildir
            path = ~/.maildir/
          '';
        in
        ''
          getmail --rcfile=${rc}
        '';
    };
  };

  # Host directories mapped into the container, both read-write.
  # NOTE(review): /etc/secrets holds the TLS key. If nothing inside the
  # container writes there, isReadOnly = true stops a compromised container
  # from replacing key material on the host path.
  bindMounts = {
    "/etc/secrets/" = {
      hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
      isReadOnly = false;
    };
    "/home" = {
      hostPath = "/var/lib/container-volumes/mailserver/home";
      isReadOnly = false;
    };
  };

  # Private network namespace; only the two TCP ports below are forwarded from
  # the host.
  privateNetwork = true;
  forwardPorts = [
    {
      # imaps
      protocol = "tcp";
      hostPort = 993;
      containerPort = 993;
    }
    {
      # sieve
      # NOTE(review): ManageSieve on 4190 starts in clear text and upgrades
      # with STARTTLS; confirm Dovecot is set to require TLS on it.
      protocol = "tcp";
      hostPort = 4190;
      containerPort = 4190;
    }
  ];
}