{ config, lib, pkgs, ... }:
{
  imports = [ ./orbekk-pkgs.nix ];

  networking.firewall.allowedTCPPorts = [ 80 443 ];
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    appendHttpConfig = ''
      # This is a workaround to deal with closed connections on
      # large downloads.
      proxy_buffering off;
    '';
    virtualHosts = {
      "orbekk.com" = {
        enableACME = true;
        forceSSL = true;
        root = "/storage/srv/orbekk.com";
      };
      "shape.orbekk.com" = {
        enableACME = true;
        forceSSL = true;
        root = "/storage/srv/orbekk.com";
      };
      "kj.orbekk.com" = {
        enableACME = true;
        forceSSL = true;
        root = "${pkgs.www-orbekk}";
        locations."/" = {
          extraConfig = ''
            try_files $uri @storage;
          '';
        };
        locations."@storage" = {
          root = "/storage/srv/kj.orbekk.com";
          extraConfig = ''
	    autoindex on;
	  '';
        };
	locations."/systemd" = {
          proxyPass = "http://10.0.20.15:11105/";
	};
        locations."/hledger" = {
          extraConfig = ''return 302 /hledger/;'';
        };
        # locations."/hledger/" = {
        #   proxyPass = "http://localhost:5000/";
        #   extraConfig = ''
        #     auth_basic "hledger";
        #     auth_basic_user_file /opt/site/hledger-htpasswd;
        #   '';
        # };
        locations."/_matrix" = {
          proxyPass = "http://10.0.20.15:11102";
        };
      };
      "git.orbekk.com" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://10.0.20.15:11103";
      };
      "hydra.orbekk.com" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://10.0.20.15:11101";
        };
      };
    };
  };
}