{ config, ... }:
let
  domain = config.services.nginx.domain;
in
{
  services.tlaternet-webserver = {
    enable = true;
    listen = {
      addr = "127.0.0.1";
      port = 8000;
    };
  };

  # Set up SSL
  services.nginx.virtualHosts."${domain}" =
    let
      inherit (config.services.tlaternet-webserver.listen) addr port;
    in
    {
      serverAliases = [ "www.${domain}" ];

      forceSSL = true;
      useACMEHost = "tlater.net";
      enableHSTS = true;

      locations."/".proxyPass = "http://${addr}:${toString port}";
    };
}