#  nixos-mailserver: a simple mail server
#  Copyright (C) 2016-2018  Robin Raymond
#
#  This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program. If not, see <http://www.gnu.org/licenses/>

{ config, lib, ... }:

let
  cfg = config.mailserver;
in
{
  config = lib.mkIf (cfg.enable && cfg.openFirewall) {

    networking.firewall = {
      allowedTCPPorts =
        [ 25 ]
        ++ lib.optional cfg.enableSubmission 587
        ++ lib.optional cfg.enableSubmissionSsl 465
        ++ lib.optional cfg.enableImap 143
        ++ lib.optional cfg.enableImapSsl 993
        ++ lib.optional cfg.enablePop3 110
        ++ lib.optional cfg.enablePop3Ssl 995
        ++ lib.optional cfg.enableManageSieve 4190
        ++ lib.optional (cfg.certificateScheme == "acme-nginx") 80;
    };
  };
}