diff --git a/applications/email.nix b/applications/email.nix
index 4497854..d8cb1b0 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -131,10 +131,29 @@
       "${cfg.sub}.${cfg.domain}" = {
         forceSSL    = true;
         useACMEHost = "skynet";
+        # override teh inbuilt nginx config
+        enableACME = false;
         serverName  = "${cfg.sub}.${cfg.domain}";
       };
     };
 
+    #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
+    users.groups.nginx = {};
+    services.roundcube = {
+      enable = true;
+      database.username = "roundcube";
+      # this is the url of the vhost, not necessarily the same as the fqdn of
+      # the mailserver
+      hostName = "${cfg.sub}.${cfg.domain}";
+      extraConfig = ''
+        # starttls needed for authentication, so the fqdn required to match
+        # the certificate
+        $config['smtp_server'] = "tls://${cfg.sub}.${cfg.domain}";
+        $config['smtp_user'] = "%u";
+        $config['smtp_pass'] = "%p";
+      '';
+    };
+
     mailserver = {
       enable = true;
       fqdn = "${cfg.sub}.${cfg.domain}";