{ lib, pkgs, config, ... }:
{
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;

    virtualHosts = {
      "nas.cdaut.de" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://10.10.0.2";
          extraConfig = "    
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection \"upgrade\";
          ";
        };
      };
      "farewellbird.de" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://10.10.0.5";
        };
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@cdaut.de";
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}