diff --git a/machines/109-199-104-83/configuration.nix b/machines/109-199-104-83/configuration.nix
index 1ec2aa7..2699370 100644
--- a/machines/109-199-104-83/configuration.nix
+++ b/machines/109-199-104-83/configuration.nix
@@ -3,16 +3,28 @@
   modulesPath,
   machine,
   ...
-}: rec {
+}: {
+  # roundcube config
+  services.roundcube = {
+    enable = true;
+    hostName = "webmail.${config.networking.domain}";
+    extraConfig = ''
+      $config['imap_host'] = "ssl://${config.mailserver.fqdn}";
+      $config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
+      $config['smtp_user'] = "%u";
+      $config['smtp_pass'] = "%p";
+    '';
+  };
+
   # mailserver config
   mailserver = {
     enable = true;
     stateVersion = 3;
-    fqdn = "mail.${networking.domain}";
-    domains = ["${networking.domain}"];
+    fqdn = "mail.${config.networking.domain}";
+    domains = ["${config.networking.domain}"];
     x509.useACMEHost = config.mailserver.fqdn;
     loginAccounts = {
-      "test@${networking.domain}" = {
+      "test@${config.networking.domain}" = {
         hashedPasswordFile = builtins.toString config.age.secrets.secret3.path;
       };
     };
@@ -25,7 +37,7 @@
   };
   services.nginx = {
     enable = true;
-    virtualHosts."mail.${networking.domain}" = {
+    virtualHosts."mail.${config.networking.domain}" = {
       forceSSL = true;
       enableACME = true;
     };