{ config, pkgs, ... }:

let 
    unstable = import <nixos-unstable> { config = {  allowUnfree = true; }; };
in

{
  services.nginx.virtualHosts."mailcow.stubbe.rocks" = {
      enableACME = true;
      forceSSL = true;
      default = true;
      locations."/".proxyPass = "http://localhost:7080";
      serverName = "v22017115146555724.happysrv.de";
      serverAliases = [
        "testmail.stubbe.rocks"
        "mailcow.stubbe.rocks"
        "stubbe.rocks"
#        "autodiscover.testmail.stubbe.rocks"
#        "autoconfig.testmail.stubbe.rocks"  
#        "autodiscover.mailcow.stubbe.rocks"
#        "autoconfig.mailcow.stubbe.rocks"      
      ];
  };

security.acme.certs."v22017115146555724.happysrv.de".postRun = ''
	cp fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem  
	cp key.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem  
	cp chain.pem /opt/mailcow-dockerized/data/assets/ssl/chain.pem  
'';

#services.nginx.virtualHosts."webmail.stubbe.rocks" = {
#       enableACME = true;
#       forceSSL = true;
#       locations."/".proxyPass = "http://localhost:7080/SOGo/";
#};

  systemd = {
    timers.mailcow-update = {
      wantedBy = [ "timers.target" ];
      partOf = [ "mailcow-update.service" ];
      timerConfig.OnCalendar = "weekly";
    };
    services.mailcow-update = {
      path = [
	pkgs.bash        
        pkgs.git
        pkgs.curl
        pkgs.gawk
        pkgs.docker
        unstable.docker-compose
        pkgs.which
        pkgs.coreutils-full
	pkgs.unixtools.ping
	pkgs.iptables
	pkgs.openssl
      ];
      serviceConfig.Type = "oneshot";
      script = ''
	cd /opt/mailcow-dockerized
	./update.sh --no-update-compose --force --no-show-forced-updates
      '';         
    };
 };
}