diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix
index 795e0db..358c43e 100644
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -12,6 +12,7 @@
     # ./services/website.nix
     ./services/nginx.nix
     ./services/gitea/default.nix
+    ./services/webmail
     # ./services/mediawiki.nix
   ];
 
diff --git a/hosts/bekkalokk/services/webmail/default.nix b/hosts/bekkalokk/services/webmail/default.nix
new file mode 100644
index 0000000..e61ad00
--- /dev/null
+++ b/hosts/bekkalokk/services/webmail/default.nix
@@ -0,0 +1,15 @@
+{ config, values, pkgs, lib, ... }:
+{
+  imports = [
+    ./roundcube.nix
+  ];
+
+  services.nginx.virtualHosts."webmail2.pvv.ntnu.no" = {
+    forceSSL = true;
+    enableACME = true;
+    #locations."/" = lib.mkForce { };
+    locations."= /" = {
+      return = "301 https://www.pvv.ntnu.no/mail/";
+    };
+  };
+}
diff --git a/hosts/bekkalokk/services/webmail/roundcube.nix b/hosts/bekkalokk/services/webmail/roundcube.nix
new file mode 100644
index 0000000..c47caae
--- /dev/null
+++ b/hosts/bekkalokk/services/webmail/roundcube.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  cfg = config.services.roundcube;
+  domain = "webmail2.pvv.ntnu.no";
+in 
+{
+  services.roundcube = {
+    enable = true;
+
+    package = pkgs.roundcube.withPlugins (plugins: with plugins; [
+      persistent_login
+      thunderbird_labels
+      contextmenu
+      custom_from
+    ]);
+
+    dicts = with pkgs.aspellDicts; [ en en-science en-computers nb nn fr de it ];
+    maxAttachmentSize = 20;
+    hostName = "roundcubeplaceholder.example.com";
+
+    extraConfig = ''
+      $config['enable_installer'] = false;
+      $config['default_host'] = "ssl://imap.pvv.ntnu.no";
+      $config['default_port'] = 993;
+      $config['smtp_server'] = "ssl://smtp.pvv.ntnu.no";
+      $config['smtp_port'] = 465;
+      $config['mail_domain'] = "pvv.ntnu.no";
+      $config['smtp_user'] = "%u";
+      $config['support_url'] = "";
+    '';
+  };
+
+  services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { };
+
+  services.nginx.virtualHosts.${domain} = {
+    locations."/roundcube" = {
+      tryFiles = "$uri $uri/ =404";
+      index = "index.php";
+      root = pkgs.runCommandLocal "roundcube-dir" { } ''
+        mkdir -p $out
+        ln -s ${cfg.package} $out/roundcube
+      '';
+      extraConfig = ''
+        location ~ ^/roundcube/(${builtins.concatStringsSep "|" [
+        # https://wiki.archlinux.org/title/Roundcube
+        "README"
+        "INSTALL"
+        "LICENSE"
+        "CHANGELOG"
+        "UPGRADING"
+        "bin"
+        "SQL"
+        ".+\\.md"
+        "\\."
+        "config"
+        "temp"
+        "logs"
+        ]})/? {
+          deny all;
+        }
+
+        location ~ ^/roundcube/(.+\.php)(/?.*)$ {
+          fastcgi_split_path_info ^/roundcube(/.+\.php)(/.+)$;
+          include ${config.services.nginx.package}/conf/fastcgi_params;
+          include ${config.services.nginx.package}/conf/fastcgi.conf;
+          fastcgi_index index.php;
+          fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket};
+        }
+      '';
+    };
+  };
+}