# NixOS module: publishes DNS records for a set of names and fronts all of
# them with nginx, which terminates TLS (ACME certificates) and reverse-proxies
# every request to a single backend at http://172.17.0.2:80/.
{ pkgs, lib, config, ... }:

let
  # Apex domains that get their own zone and their own vhost.
  apexDomains = [
    "flauschehorn.sexy"
    "wifionic.de"
  ];

  # Labels below ctu.cx; each becomes a CNAME to this host and a vhost.
  ctuCxLabels = [
    "dav"
    "photos"
    "briefkasten"
    "solar-system-nrw"
    "home"
    "legacy.home"
    "briefkasten.home"
    "fedi.home"
    "influx.home"
    "smart.home"
    "music.home"
    "wiki.home"
    "things.home"
    "travelynx2fedi.home"
  ];

  # Every name nginx answers for. "restic.briefkasten.ctu.cx" gets a vhost
  # here, but no CNAME is generated for it in this module.
  proxiedNames =
    apexDomains
    ++ map (label: "${label}.ctu.cx") ctuCxLabels
    ++ [ "restic.briefkasten.ctu.cx" ];

  # One vhost definition shared by all names: HTTPS only, certificate via ACME.
  proxiedVhost = {
    enableACME = true;
    forceSSL = true; # plain-HTTP requests are redirected to HTTPS
    kTLS = true;
    locations."/" = {
      # The hop to the backend is unencrypted HTTP to a hard-coded address.
      # NOTE(review): presumably a container on the local Docker bridge;
      # confirm the address is pinned, otherwise another workload that is
      # assigned 172.17.0.2 would receive traffic for all of these names.
      proxyPass = "http://172.17.0.2:80/";
      proxyWebsockets = true;
      # X-Forwarded-For is set to $remote_addr, so a client-supplied value is
      # replaced rather than appended and the backend sees only the peer
      # address nginx observed.
      # NOTE(review): no Host header is set in this block. Unless
      # services.nginx.recommendedProxySettings (or an equivalent) is enabled
      # elsewhere, the backend receives the proxy_pass host instead of the
      # requested name; confirm it can still tell the vhosts apart.
      extraConfig = '' proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; '';
    };
  };
in
{
  # Instance-wide limit: every nginx vhost on this machine, not only the ones
  # defined below, accepts request bodies of up to 2 GiB.
  services.nginx.clientMaxBodySize = "2g";

  dns.zones = lib.mkMerge [
    # NOTE(review): primaryIP4 is passed for both arguments. If this `host`
    # combinator takes (ipv4, ipv6), the second one should be an IPv6 address
    # or null; verify against the dns library in use.
    (lib.genAttrs apexDomains (
      _: pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP4
    ))
    {
      "ctu.cx".subdomains = lib.genAttrs ctuCxLabels (_: {
        CNAME = [ "${config.networking.fqdn}." ];
      });
    }
  ];

  services.nginx.virtualHosts = lib.genAttrs proxiedNames (_: proxiedVhost);
}