{ config, pkgs, ... }:
let
  secrets = import ./secrets.nix;
in {
  imports = [
    ./hardware-configuration.nix
    # check https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/tags
    # for new releases
    (builtins.fetchTarball {
      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar";
      sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
    })
  ];

  users.extraUsers.root = {
    openssh.authorizedKeys.keys = [ secrets.pubkey ];
  };

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  networking.hostName = "mail.dumpstack.io";

  networking.firewall.allowedTCPPorts = [ 443 ];

  environment.systemPackages = with pkgs; [
    htop
  ];

  mailserver = {
    enable = true;
    fqdn = "mail.dumpstack.io";
    domains = [ "dumpstack.io" ];
    loginAccounts = {
        "root@dumpstack.io" = {
            hashedPassword = "${secrets.mailHashedPassword}";
            aliases = secrets.aliases;
            catchAll = [ "dumpstack.io" ];
        };
    };

    certificateScheme = 3;      # Let's Encrypt
    enableImapSsl = true;

    rebootAfterKernelUpgrade.enable = true;
  };

  time.timeZone = "UTC";
  services.openssh.enable = true;

  system.autoUpgrade.enable = true;
  system.stateVersion = "19.03";

  nix = {
    optimise.automatic = true;
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };
  };
}