{
  config,
  lib,
  ...
}:
let
  cfg = config.my.servers;
in
{
  config = lib.mkIf (config.my.secureHost && (cfg.nextcloud.enable or cfg.gitea.enable)) {
    sops.secrets.smtp-password = { };
    programs.msmtp = {
      enable = true;
      accounts.default = {
        auth = true;
        host = "smtp.gmail.com";
        port = 587;
        tls = true;
        from = config.my.smtpemail;
        user = config.my.smtpemail;
        passwordeval = "cat ${config.sops.secrets.smtp-password.path}";
      };
    };
  };
}