diff --git a/hosts/lapserv/default.nix b/hosts/lapserv/default.nix
index 5490548..b187cb8 100644
--- a/hosts/lapserv/default.nix
+++ b/hosts/lapserv/default.nix
@@ -5,7 +5,7 @@
 niksos = {
 server = true;
- graphics.nvidia = true;
+ graphics.nvidia = false; #FIXME: Compile error
 graphics.intel = true;
 };
diff --git a/secrets/cloudflare-acme.age b/secrets/cloudflare-acme.age
new file mode 100644
index 0000000..1eed0e0
--- /dev/null
+++ b/secrets/cloudflare-acme.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 WCPLrA Qx18plLxh4puHXEbGkSllUYdHTRHTuzWSVa9+a8LTjs
+rbvHgdQQO/3zRqltjrhRwlTG3Qxh229XDiMdowY6eOQ
+-> ssh-ed25519 7/ziYw 8E2YjDNyz0nDtzU4DsDKfZVsysDT1PSi5vlbRS81cVY
+Y9e+Ijs9/3v9UjKA2QEbC+YO2cAk5akTeFpTqHztq+4
+-> ssh-ed25519 GQzYWA fwQu2OX+NcgABahCmRoRgndjyKXKk2oJ9XUnC3VSVjM
+hkF10T5hipEPyBv/aeoqv/Ti7wvcTRE7MgrGZsXPiFc
+-> ssh-ed25519 MfR7VA nEFPMwy5muKAQMKKgS+zfMmaHR2yxNWnEfgXJQUnEjA
+fDj5QT/NTitdVH4u99ht3SBoLM/6OiX4oAGbHYH+9bY
+--- 37290H3ViuAvNz1Y/gpmHDlYQ0Hg5q1tCQmjgFtKwQc
+kF˥5unn0skfHFRtna8)#z`BۄsI:5[*h
\ No newline at end of file
diff --git a/secrets/default.nix b/secrets/default.nix
index 60e6bc6..b5d7956 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -19,5 +19,6 @@
 then config.services.matrix-continuwuity.user
 else "root";
 };
+ cloudflare-acme.file = ./cloudflare-acme.age;
 };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 321762d..df0f3e1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -11,4 +11,5 @@ in {
 "password.age".publicKeys = systems;
 "dcbot.age".publicKeys = systems;
 "matrix-registration.age".publicKeys = systems;
+ "cloudflare-acme.age".publicKeys = systems;
 }
diff --git a/system/server/default.nix b/system/server/default.nix
index 618dcee..e04a03e 100644
--- a/system/server/default.nix
+++ b/system/server/default.nix
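Review bot: `cloudflare-acme.file = ./cloudflare-acme.age;` in secrets/default.nix sets no `owner` or `mode`, so the decrypted token keeps agenix's default root-only permissions; if the stalwart-mail unit runs as a dedicated service user and reads the file itself through the `%{file:...}%` macro, it will not be able to open it. The sibling matrix-registration entry in the same attribute set shows the shape to follow, e.g. `cloudflare-acme = { file = ./cloudflare-acme.age; owner = "<stalwart service user>"; };` (placeholder, use the user the unit actually runs as). In secrets/secrets.nix, `"cloudflare-acme.age".publicKeys = systems;` lets every host key in `systems` decrypt a Cloudflare API token that only the mail host needs; if `systems` covers more than that host, scope the recipient list to the mail host's key so a compromise of another machine does not yield DNS control over the zone. The hosts/lapserv and the .age hunks need no change beyond that.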
@@ -1,4 +1,4 @@
 {lib, ...}: {
- imports = [./caddy.nix ./transfer-sh.nix ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix];
+ imports = [./caddy.nix ./transfer-sh.nix ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix ./mail.nix];
 options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }
diff --git a/system/server/mail.nix b/system/server/mail.nix
new file mode 100644
index 0000000..5ae099b
--- /dev/null
+++ b/system/server/mail.nix
@@ -0,0 +1,87 @@
+{config, ...}: {
+ services.stalwart-mail = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ server = {
+ hostname = "mx1.jsw.tf";
+ tls = {
+ enable = true;
+ implicit = true;
+ };
+ listener = {
+ smtp = {
+ protocol = "smtp";
+ bind = "[::]:25";
+ };
+ submissions = {
+ bind = "[::]:465";
+ protocol = "smtp";
+ };
+ imaps = {
+ bind = "[::]:993";
+ protocol = "imap";
+ };
+ jmap = {
+ bind = "[::]:8080";
+ url = "https://mail.jsw.tf";
+ protocol = "jmap";
+ };
+ management = {
+ bind = ["127.0.0.1:8080"];
+ protocol = "http";
+ };
+ };
+ };
+ lookup.default = {
+ hostname = "mx1.jsw.tf";
+ domain = "jsw.tf";
+ };
+ acme."letsencrypt" = {
+ directory = "https://acme-v02.api.letsencrypt.org/directory";
+ challenge = "dns-01";
+ contact = "jswmail@proton.me";
+ domains = ["jsw.tf" "mx1.jsw.tf"];
+ provider = "cloudflare";
+ secret = "%{file:${config.age.secrets.cloudflare-acme.path}}%";
+ };
+ session.auth = {
+ mechanisms = "[plain]";
+ directory = "'in-memory'";
+ };
+ storage.directory = "in-memory";
+ session.rcpt.directory = "'in-memory'";
+ queue.outbound.next-hop = "'local'";
+ directory."imap".lookup.domains = ["jsw.tf"];
+ # directory."in-memory" = {
+ # type = "memory";
+ # principals = [
+ # {
+ # class = "individual";
+ # name = "User 1";
+ # secret = "%{file:/etc/stalwart/mail-pw1}%";
+ # email = [""];
+ # }
+ # ];
+ # };
+ authentication.fallback-admin = {
+ user = "admin";
+ secret = "%{file:${config.age.secrets.password.path}}%";
+ };
+ };
+ };
+
+ services.caddy.virtualHosts = {
+ "webadmin.jsw.tf" = {
+ extraConfig = ''
+ reverse_proxy http://127.0.0.1:8080
+ '';
+ serverAliases = [
+ "mta-sts.example.org"
+ "autoconfig.example.org"
+ "autodiscover.example.org"
+ "mail.example.org"
+ ];
+ };
+ };
+}
diff --git a/system/server/seafile.nix b/system/server/seafile.nix
index ac18412..64756df 100644
--- a/system/server/seafile.nix
+++ b/system/server/seafile.nix
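Review bot: The `jmap` listener (`bind = "[::]:8080";`) and the `management` listener (`bind = ["127.0.0.1:8080"];`) both claim TCP port 8080, so the second bind will most likely fail with address-in-use, and which endpoint Caddy's `reverse_proxy http://127.0.0.1:8080` under `webadmin.jsw.tf` actually reaches then depends on bind order. Because `[::]:8080` is a wildcard bind and `openFirewall = true` is set, that port may also be reachable directly from outside, which would expose the management API (guarded only by `fallback-admin`) without Caddy in front; give management its own loopback-only port, e.g. `bind = ["127.0.0.1:8081"];` with `reverse_proxy http://127.0.0.1:8081`, and consider restricting `webadmin.jsw.tf` to trusted source addresses in Caddy. `serverAliases` still carries the `example.org` placeholders (`mta-sts.example.org`, `autoconfig.example.org`, …), which would be served as aliases of the admin vhost; replace them with the real `jsw.tf` names or drop them. `session.auth.directory`, `storage.directory` and `session.rcpt.directory` all reference `in-memory` while the `directory."in-memory"` block is commented out, so no directory or principals exist unless defined elsewhere. Unlike seafile.nix's `enable = config.niksos.server;`, `enable = true;` here is not gated on the server option, so the service (and its firewall openings) come up on any host importing this module.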
@@ -6,7 +6,7 @@
 }: {
 services.seafile = {
 enable = config.niksos.server;
- seahubPackage = inputs.nixpkgs-stable.legacyPackages.${pkgs.system}.seahub;
+ seahubPackage = inputs.nixpkgs.legacyPackages.${pkgs.system}.seahub;
 adminEmail = "jurnwubben@gmail.com";
 initialAdminPassword = "ChangeMeTheFuckNow!";