diff --git a/hosts/vps/mailserver/default.nix b/hosts/vps/mailserver/default.nix
index be39db4..3ae683a 100644
--- a/hosts/vps/mailserver/default.nix
+++ b/hosts/vps/mailserver/default.nix
@@ -165,12 +165,6 @@
 add_header 'Referrer-Policy' 'origin-when-cross-origin';
 add_header X-Content-Type-Options nosniff;
 '';
- restrictToVpn = ''
- allow 10.0.0.2/32;
- allow 10.0.0.3/32;
- allow 10.0.0.4/32;
- deny all;
- '';
 extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
 serveStatic = exts: ''
 try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
@@ -202,9 +196,6 @@
 };
 extraConfig = webshiteConfig;
 };
- "${config.mailserver.fqdn}" = {
- extraConfig = restrictToVpn;
- };
 "src.idimitrov.dev" = {
 enableACME = true;
 forceSSL = true;
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 88804f9..a235ac7 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -291,6 +291,20 @@ top@{ inputs, moduleWithSystem, ... }: {
 $config['smtp_pass'] = "%p";
 '';
 };
+ nginx.virtualHosts =
+ let
+ restrictToVpn = ''
+ allow 10.0.0.2/32;
+ allow 10.0.0.3/32;
+ allow 10.0.0.4/32;
+ deny all;
+ '';
+ in
+ {
+ "${config.mailserver.fqdn}" = {
+ extraConfig = restrictToVpn;
+ };
+ };
 postgresql.enable = true;
 };
 security = {
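Review bot: The `restrictToVpn` allowlist added under `nginx.virtualHosts` in `nixos/modules/default.nix` hard-codes three peer addresses (`10.0.0.2/32` to `10.0.0.4/32`) in a shared module, with nothing tying them to the VPN peer definitions, so adding or renumbering a peer leaves this access list stale without any evaluation error. A comment above the binding such as `# VPN peers allowed to reach the mail vhost; keep in sync with the VPN peer list` would document the coupling, or the list could be generated from a module option. Because the `allow`/`deny` rules sit in the server-level `extraConfig`, they are inherited by every location of the `${config.mailserver.fqdn}` vhost. If that host's certificate is issued through an HTTP-01 challenge served by nginx (not visible in this diff), the challenge location would need its own `allow all;` for renewals to keep working. The enclosing attribute set starts and ends outside the hunk.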