NixServerConfig/module/roundcube.nix

{ config, pkgs, lib, ... }:

lib.mkIf config.module.roundcube.enable {
  age.secrets = {
    YfDrVBDJcVoYNZeJ = {
      file = ../secrets/cache/YfDrVBDJcVoYNZeJ;
    };
    LtnxWKwZdDIxAKzp = {
      file = ../secrets/cache/LtnxWKwZdDIxAKzp;
    };
  };


  services.roundcube = {
    enable = true;
    hostName = "${config.module.roundcube.subdomain}.${config.module.domain}";

    plugins = [ "multiple_accounts" ];
    configureNginx = false;

    extraConfig = ''
      $config['default_host'] = trim(
        file_get_contents('${config.age.secrets.LtnxWKwZdDIxAKzp.path}')
      );
      $config['default_port'] = 993;
      $config['smtp_server'] = trim(
        file_get_contents('${config.age.secrets.YfDrVBDJcVoYNZeJ.path}')
      );
      $config['smtp_port'] = 465;
      $config['smtp_user'] = '%u';
      $config['smtp_pass'] = '%p';
    '';

  };

  systemd.services.nginx.serviceConfig.ProtectHome = false;
  users.groups.roundcube.members = [ "nginx" ];
}