diff --git a/devices/ellaca/options.nix b/devices/ellaca/options.nix
index 7dc7100..973c1fe 100644
--- a/devices/ellaca/options.nix
+++ b/devices/ellaca/options.nix
@@ -2,7 +2,7 @@
   conf = {
     ssh.enable = true;
     nginx.enable = true;
-    mail.enable = false; # broken
+    mail.enable = true; # broken
     website.enable = false; # broken
     fedi.enable = false; # broken
     matrix.enable = true; # broken
diff --git a/modules/default.nix b/modules/default.nix
index ad95431..d9a4e8f 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -5,6 +5,7 @@ in {
     ./apps
     ./containers
     ./fedi
+    ./firewall
     ./fonts
     ./games
     ./git
diff --git a/modules/firewall/default.nix b/modules/firewall/default.nix
new file mode 100644
index 0000000..89e0871
--- /dev/null
+++ b/modules/firewall/default.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  networking = {
+    nftables.enable = true;
+    firewall.enable = true;
+  };
+}
diff --git a/modules/mail/default.nix b/modules/mail/default.nix
index 65c3806..c8228d8 100644
--- a/modules/mail/default.nix
+++ b/modules/mail/default.nix
@@ -18,6 +18,8 @@ in mkIf conf.mail.enable {
     };
   };
 
+  users.users."stalwart-mail".extraGroups = [ "nginx" ];
+
   services.stalwart-mail = {
     enable = true;
     openFirewall = true;
@@ -35,7 +37,7 @@ in mkIf conf.mail.enable {
         };
         listener = {
           smtp = {
-            protocol = "smtp";
+            protocl = "smtp";
             bind = "[::]:25";
           };
           submissions = {
@@ -47,7 +49,7 @@ in mkIf conf.mail.enable {
             bind = "[::]:993";
           };
           jmap = {
-            protocol = "jmap";
+            protocol = "http";
             bind = "[::]:8080";
             url = "https://mail.chpu.eu";
           };
@@ -72,22 +74,22 @@ in mkIf conf.mail.enable {
       };
       storage.directory = "in-memory";
       session.rcpt.directory = "'in-memory'";
-      queue.outbound.next-hop = "'local'";
       directory."imap".lookup.demains = [ "chpu.eu" ];
       directory."in-memory" = {
         type = "memory";
         principals = [
           {
-            type = "individual";
-            name = "mira@chpu.eu";
-            secret = "%{file:/root/stalwart/secret/mira}%";
+            class = "individual";
+            name = "mira";
+            description = "Mira Chacku Purakal";
+            secret = "%{file:/var/lib/stalwart-mail/secret/mira}%";
             email = [ "mira@chpu.eu" ];
           }
         ];
       };
       authentication.fallback-admin = {
         user = "admin";
-        secret = "%{file:/root/stalwart/secret/admin}%";
+        secret = "%{file:/var/lib/stalwart-mail/secret/admin}%";
       };
     };
   };