{ pkgs, lib, ... }: { age.secrets."mail@b12f.io-password" = { file = "${flake.self}/secrets/mail@b12f.io-password.age"; mode = "400"; owner = "maddy"; }; services.maddy = { enable = true; primaryDomain = "b12f.io"; ensureAccounts = [ "mail@b12f.io" ]; ensureCredentials = { # Do not use this in production. This will make passwords world-readable # in the Nix store "mail@b12f.io".passwordFile = "${pkgs.writeText "postmaster" "test"}"; }; tls = { certificates = [ { keyPath = ""; certPath = ""; } ]; }; }; }