# Smart-home MQTT web UI: nginx serves the static mqtt-webui bundle and proxies
# the MQTT-over-WebSocket endpoint. The whole virtual host requires a TLS client
# certificate (mutual TLS).
{ node, pkgs, config, ... }:

let
  # Static web root: the mqtt-webui package, the local ./extra-css directory and
  # a config.json rendered from ./config.nix, merged into one store path.
  # The result lives in the world-readable Nix store and nginx serves it as the
  # document root, so ./config.nix should not carry credentials.
  webRoot = pkgs.buildEnv {
    name = "mqtt-webui-env";
    paths = [
      pkgs.mqtt-webui
      ./extra-css
      (pkgs.writeTextDir "config.json" (builtins.toJSON (import ./config.nix)))
    ];
  };
in
{
  # Publish this node's IPv6 address for the service name.
  dns.zones."ctu.cx".subdomains."smart.home".AAAA = [ node.ip6Address ];

  services.nginx = {
    enable = true;

    virtualHosts."smart.${config.networking.domain}" = {
      # Reuses the certificate issued for the host's FQDN.
      # NOTE(review): that certificate must also cover this vhost's name - confirm.
      useACMEHost = config.networking.fqdn;
      forceSSL = true;
      kTLS = true;

      # Client-certificate authentication, set at server level so it applies to
      # both "/" and "/mqtt".
      # - The interpolated path copies rootCA.crt into the Nix store, which is
      #   readable by every local user. That is fine for a public CA
      #   certificate; a private key must never be referenced this way.
      # - nginx reads the CRL when it loads its configuration, so a refreshed
      #   /etc/ctucxCA.crl only takes effect after a reload. How that file is
      #   provisioned and updated is not visible in this module.
      # - ssl_verify_depth is left at the nginx default of 1.
      #   NOTE(review): assumes client certificates are issued directly by the
      #   root CA - confirm.
      extraConfig = ''
        ssl_crl /etc/ctucxCA.crl;
        ssl_client_certificate ${../../../../../secrets/certs/rootCA.crt};
        ssl_verify_client on;
      '';

      locations = {
        "/".root = "${webRoot}/";

        # The WebSocket backend is reached over plaintext on IPv6 loopback.
        # The client-certificate check is enforced only by nginx, so the
        # listener on port 9005 should be bound to loopback only.
        # NOTE(review): the broker's listener config is not shown here - confirm.
        "/mqtt" = {
          proxyPass = "http://[::1]:9005";
          proxyWebsockets = true;
        };
      };
    };
  };
}