{ config, ... }:
let domain = "sourcephile.fr"; in
{
  services.postfix = {
    extraAliases = ''
  '';
    virtual = ''
      root@${domain} julm+root@${domain}
    '';
    tls_server_sni_maps =
      let
        chain = [
          "/var/lib/acme/${domain}/key.pem"
          "/var/lib/acme/${domain}/fullchain.pem"
        ];
      in
      {
        "smtp.${domain}" = chain;
        "mail.${domain}" = chain;
      };
    config = {
      virtual_mailbox_domains = [
        domain
      ];
    };
  };
  security.acme.certs."${domain}" = {
    postRun = "systemctl try-restart postfix";
  };
  systemd.services.postfix = {
    wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
    after = [ "acme-selfsigned-${domain}.service" ];
  };
}