mailsystem: Add nginx configuration to retrieve letsencrypt certificate

mailsystem/nginx.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.mailsystem;
+in {
+  config = lib.mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts."${cfg.fqdn}" = {
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [80 443];
+  };
+}