docs: configure ACME HTTP-01 with nginx in setup example

docs/release-notes.rst

@@ -10,12 +10,14 @@ NixOS 26.05
   and private key using :option:`mailserver.x509.certificateFile` and
   :option:`mailserver.x509.privateKeyFile` instead. Support for automatic
   creation of self-signed certificates has been removed.
+  Check the updated `setup guide`_ for a basic ACME HTTP-01 example.
 - Cleartext password files can now be configured for login accounts. This
   is an alternative to hashed passwords that integrates well with workflows
   establishsed by `agenix`_/`sops-nix`_ that rely on encryption. This option
   prevents files from leaking in to the Nix store.
   See :option:`mailserver.loginAccounts.<name>.passwordFile`.
 
+.. _setup guide: setup-guide.html#setup-the-server
 .. _agenix: https://github.com/ryantm/agenix
 .. _sops-nix: https://github.com/Mic92/sops-nix
 

docs/setup-example.nix

@@ -16,12 +16,14 @@
   security.acme = {
     acceptTerms = true;
     defaults.email = "security@example.com";
-    certs.${config.mailserver.fqdn} = {
-      # Further setup required, check the manual:
-      # https://nixos.org/manual/nixos/stable/#module-security-acme
-    };
   };
 
+  # Allow incoming HTTP connections
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
+  # Enable ACME HTTP-01 challenge with nginx
+  services.nginx.virtualHosts.${config.mailserver.fqdn}.enableACME = true;
+
   mailserver = {
     enable = true;
     stateVersion = 3;