{ pkgs, lib, config, ... }:
let
  domain = "sourcephile.fr";
in
{
systemd.services.postfix.after = [
  "${domain}.key.pem-key.service"
];
services.postfix = {
  config = {
    virtual_mailbox_domains = [ domain ];
  };
  virtual = ''
    root@${domain}       julm@${domain}
    admin@${domain}      julm@${domain}
    webmaster@${domain}  julm@${domain}
    postmaster@${domain} julm@${domain}
  '';
  config = {
    virtual_alias_maps = [
      ("ldap:"+pkgs.writeText "ldap-forward.cf" ''
        version          = 3
        debuglevel       = 0
        server_host      = ldapi://
        bind             = sasl
        sasl_mechs       = EXTERNAL
        search_base      = ou=posix,dc=sourcephile,dc=fr
        scope            = sub
        dereference      = 0
        query_filter     = (&(mail=%s)(mailEnabled=TRUE))
        result_format    = %s
        result_attribute = mailForwardingAddress
      '')
      ("ldap:"+pkgs.writeText "ldap-virtual_alias_maps.cf" ''
        version          = 3
        debuglevel       = 0
        server_host      = ldapi://
        bind             = sasl
        sasl_mechs       = EXTERNAL
        search_base      = ou=posix,dc=sourcephile,dc=fr
        scope            = sub
        dereference      = 0
        query_filter     = (&(mailAlias=%s)(mailEnabled=TRUE))
        result_format    = %s
        result_attribute = mail
      '')
    ];
  };
  # Allowed MAIL FROM addresses that belong to a given SASL authenticated user.
  submissions.smtpd_sender_login_maps = [
    ("ldap:"+pkgs.writeText "ldap-senders.cf" ''
      version          = 3
      debuglevel       = 0
      server_host      = ldapi://
      bind             = sasl
      sasl_mechs       = EXTERNAL
      search_base      = ou=posix,dc=sourcephile,dc=fr
      scope            = sub
      dereference      = 0
      query_filter     = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
      result_format    = %s
      result_attribute = uid
    '')
  ];
};
}