refactored system

system/web-server/nginx.nix

@@ -0,0 +1,34 @@
+{ config, ... }:
+
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+
+      "${config.networking.domain}" = {
+        onlySSL = true;
+        useACMEHost = config.networking.domain;
+        locations."/" = {
+          return = "200 'This domain used for e-mail hosting only.'";
+          extraConfig = ''
+            add_header Content-Type text/plain;
+          '';
+        };
+      };
+
+      "${config.networking.fqdn}" = {
+        onlySSL = true;
+        useACMEHost = config.networking.domain;
+        locations."/" = {
+          return = "404";
+        };
+      };
+
+    };
+  };
+}