add mta-sts

hosts/www/nginx.nix

@@ -10,6 +10,21 @@ in
   ];
 
   services.nginx.virtualHosts = {
+    "mta-sts.${config.networking.domain}" = {
+      quic = true;
+      kTLS = true;
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        add_header Strict-Transport-Security max-age=15768000;
+      '';
+      locations."= /.well-known/mta-sts.txt" = {
+        alias = "/srv/http/mta-sts.txt";
+        extraConfig = ''
+          default_type text/plain;
+        '';
+      };
+    };
     "www.${config.networking.domain}" = {
       default = true;
       serverAliases = [ config.networking.domain ];