{ config, ... }:

let

  webmailHostName = "webmail.${config.networking.domain}";

in

{
  services.roundcube = {
    enable = true;
    hostName = webmailHostName;
    extraConfig = ''
      $config['smtp_host'] = 'tls://%h';
      $config['smtp_conn_options'] = [
        'ssl' => [
          'verify_peer' => false,
          'verify_peer_name' => false,
        ],
      ];
    '';
  };

  # not sure why this is currently working w/o the following
  #
  # services.nginx.virtualHosts."${webmailHostName}" = {
  #   onlySSL = true;
  #   forceSSL = lib.mkForce false;
  #   enableACME = lib.mkForce false;
  #   useACMEHost = config.networking.domain;
  # };
  # security.acme.certs."${config.networking.domain}".extraDomainNames = [
  #   webmailHostName
  # ];

}