diff --git a/mailsystem/default.nix b/mailsystem/default.nix
new file mode 100644
index 0000000..886e5e2
--- /dev/null
+++ b/mailsystem/default.nix
@@ -0,0 +1,21 @@
+{lib, ...}: {
+ options.mailsystem = {
+ enable = lib.mkEnableOption "nixos-mailsystem";
+
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Automatically open ports in the firewall.";
+ };
+
+ fqdn = lib.mkOption {
+ type = lib.types.str;
+ example = "mail.example.com";
+ description = "Fully qualified domain name of the mail server.";
+ };
+ };
+
+ imports = [
+ ./nginx.nix
+ ];
+}
diff --git a/mailsystem/nginx.nix b/mailsystem/nginx.nix
new file mode 100644
index 0000000..2bb294b
--- /dev/null
+++ b/mailsystem/nginx.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.mailsystem;
+in {
+ config = lib.mkIf cfg.enable {
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.fqdn}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [80 443];
+ };
+}
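Review bot: `openFirewall` in mailsystem/default.nix defaults to `true`, so setting `mailsystem.enable = true` on its own exposes TCP 80 and 443 (via the `allowedTCPPorts` line in mailsystem/nginx.nix) without the operator opting in. nixpkgs modules conventionally declare this option with `default = false;`. If the open default is intentional for a mail host, the description should at least name what gets opened, e.g. `description = "Whether to open the TCP ports used by the mail system (currently 80 and 443) in the firewall.";`.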
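Review bot: `enableACME = true` in mailsystem/nginx.nix relies on `security.acme.acceptTerms` and an ACME account e-mail (`security.acme.defaults.email`) being set elsewhere, and nothing in this module sets or documents that. A host that only sets `mailsystem.enable` and `mailsystem.fqdn` will presumably fail evaluation on the upstream ACME assertions. A comment above the virtual host such as `# Requires security.acme.acceptTerms and security.acme.defaults.email to be set by the host configuration.` would make the dependency visible. The `pkgs` argument is unused in this file and can be dropped from the argument set.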