{config, ...}: let domain = config.services.nginx.domain; in { services.tlaternet-webserver = { enable = true; listen = { addr = "127.0.0.1"; port = 8000; }; }; # Set up SSL services.nginx.virtualHosts."${domain}" = let inherit (config.services.tlaternet-webserver.listen) addr port; in { serverAliases = ["www.${domain}"]; forceSSL = true; enableACME = true; extraConfig = '' add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; access_log /var/log/nginx/${domain}/access.log upstream_time; ''; locations."/".proxyPass = "http://${addr}:${toString port}"; }; }