{
  config,
  pkgs,
  ...
}:

{
  services.roundcube = {
    enable = true;
    hostName = "webmail.example.com"; # the nginx vhost
    package = pkgs.roundcube.withPlugins (
      plugins: with plugins; [
        # external plugins to be included
        # https://search.nixos.org/packages?query=roundcubePlugins
        persistent_login
      ]
    );
    # activate plugins
    plugins = [
      "persistent_login"
      "managesieve" # built-in
    ];
    dicts = with pkgs.aspellDicts; [
      # https://search.nixos.org/packages?query=aspellDicts
      en
    ];
    maxAttachmentSize = config.mailserver.messageSizeLimit / 1024 / 1024;
    extraConfig = ''
      $config['imap_host'] = "ssl://${config.mailserver.fqdn}";
      $config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";

      $config['managesieve_host'] = "tls://${config.mailserver.fqdn}";
      $config['managesieve_port'] = 4190;
      $config['managesieve_usetls'] = true;
    '';
  };

  services.nginx.virtualHosts.${config.services.rounducbe.hostName} = {
    enableACME = true;
    forceSSL = true;
  };

  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}