{ config, lib, pkgs, ... }:

{
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;

    virtualHosts."noms.ing" = {
      enableACME = true;
      forceSSL = true;
      locations."/".root = ../../pkgs/nomsing;
    };
    virtualHosts."meow.noms.ing" = {
      enableACME = true;
      forceSSL = true;
      locations."/".root = ../../pkgs/nomsing;
    };
    virtualHosts."webring.noms.ing" = {
      enableACME = true;
      forceSSL = true;
      locations."~ (.*)".extraConfig = ''
        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
        include       ${pkgs.nginx}/conf/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME     ${lib.getExe pkgs.nomsring};
        fastcgi_param PATH_INFO           $1;
      '';
    };
  };
  services.fcgiwrap.enable = true;
}