# NixOS module: runs docker-mailserver as a declarative OCI container.
#
# Review notes (nothing below changes behaviour):
#  - The image is referenced by the mutable `latest` tag, so the code that
#    runs can change on any pull. Pinning a release tag or digest would make
#    the deployment reproducible and auditable.
#  - No `ports` are declared in this block; how the mail ports are exposed is
#    not visible from this file.
{ config, ... }:
let
  # Domain value taken from the shared helper; used to build the mail hostname.
  blazestar = (import ./lib.nix config).blazestar;
in
{
  virtualisation.oci-containers.containers = {
    docker-mailserver = {
      image = "ghcr.io/docker-mailserver/docker-mailserver:latest";
      hostname = "mail.${blazestar}";
      autoStart = true;

      volumes = [
        # Persistent mail data, state and logs on the host.
        "/tank/mailserver/mail-data:/var/mail"
        "/tank/mailserver/mail-state:/var/mail-state"
        "/tank/mailserver/mail-logs:/var/log/mail"
        # Mail server configuration directory; mounted read-write.
        "/tank/mailserver/config:/tmp/docker-mailserver"
        "/etc/localtime:/etc/localtime:ro"
        # Traefik's ACME store, mounted read-only. Such a file normally holds
        # the ACME account key and the private keys of every certificate
        # stored in it, so this container can read all of them, not only the
        # one for its own hostname.
        "/tank/config/traefik/acme/acme.json:/etc/letsencrypt/acme.json:ro"
      ];

      # NOTE(review): this is a Nix path literal. Depending on how the
      # configuration is evaluated (e.g. from a flake), the file can end up
      # in the world-readable /nix/store. Confirm it holds no secrets, or
      # reference a runtime path outside the store instead.
      environmentFiles = [ ./email/mailserver.env ];

      extraOptions = [
        # add network admin capability for Fail2Ban
        # NET_ADMIN lets the container change firewall and interface settings
        # in its own network namespace; no host networking option is set here.
        "--cap-add=NET_ADMIN"
      ];

      # Opt the container out of Traefik's container discovery.
      labels."traefik.enable" = "false";
    };
  };
}