initial commit, after deletion :)

config/http/default.nix

@@ -0,0 +1,29 @@
+{config, ...}: let
+  customDomain = config.customOps.domain;
+in {
+  networking.firewall.allowedTCPPorts = [80 443];
+
+  services.nginx = {
+    enable = true;
+
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedUwsgiSettings = true;
+    recommendedProxySettings = true;
+    recommendedBrotliSettings = true;
+
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    virtualHosts.${customDomain} = {
+      root = "/var/www/${customDomain}";
+      forceSSL = true;
+      enableACME = true;
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "security@${config.mailserver.fqdn}";
+  };
+}