From 3943ec3356a21368b8bb980c46579353c3a1da29 Mon Sep 17 00:00:00 2001
From: Thomas Preisner
Date: Sat, 30 Nov 2024 19:37:23 +0100
Subject: [PATCH] mailsystem: Add nginx configuration to retrieve letsencrypt certificate
---
mailsystem/default.nix | 21 +++++++++++++++++++++
mailsystem/nginx.nix | 20 ++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 mailsystem/default.nix
create mode 100644 mailsystem/nginx.nix
diff --git a/mailsystem/default.nix b/mailsystem/default.nix
new file mode 100644
index 0000000..886e5e2
--- /dev/null
+++ b/mailsystem/default.nix
@@ -0,0 +1,21 @@
+{lib, ...}: {
+ options.mailsystem = {
+ enable = lib.mkEnableOption "nixos-mailsystem";
+
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Automatically open ports in the firewall.";
+ };
+
+ fqdn = lib.mkOption {
+ type = lib.types.str;
+ example = "mail.example.com";
+ description = "Fully qualified domain name of the mail server.";
+ };
+ };
+
+ imports = [
+ ./nginx.nix
+ ];
+}
diff --git a/mailsystem/nginx.nix b/mailsystem/nginx.nix
new file mode 100644
index 0000000..2bb294b
--- /dev/null
+++ b/mailsystem/nginx.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.mailsystem;
+in {
+ config = lib.mkIf cfg.enable {
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.fqdn}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [80 443];
+ };
+}
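Review bot: `openFirewall` defaults to `true` in mailsystem/default.nix, so setting `mailsystem.enable` alone opens TCP 80 and 443 through the `allowedTCPPorts` line in mailsystem/nginx.nix, and the option description does not say which ports are meant. Consider `default = false;` so that exposing the host is an explicit choice, or at least name the ports, e.g. `description = "Open the ports required by the mail system (currently TCP 80 and 443) in the firewall.";`. The `fqdn` description could also state that the name must resolve to this host, since the certificate request presumably relies on the ACME HTTP challenge reaching nginx under that name.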
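Review bot: The `virtualHosts."${cfg.fqdn}"` entry in mailsystem/nginx.nix defines no `locations` or `root`, so apart from the ACME challenge it answers every request on the ports opened two lines further down with whatever nginx serves by default. If the vhost exists only to obtain the certificate, an explicit catch-all such as `locations."/".return = "404";` makes that intent visible and keeps the exposed surface minimal. `enableACME = true` also depends on `security.acme.acceptTerms` and an ACME contact address being set outside this module, which deserves a comment next to the option, for example `# requires security.acme.acceptTerms and an ACME contact e-mail to be configured by the host`. The `pkgs` argument is unused in this file and can be dropped.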