# Starts an Nginx server on $HOSTNAME just to get a cert for this host

{ config, pkgs, environment, ... }:

let
  hostname = config.networking.hostName;

  wwwRoot = pkgs.writeTextFile {
    name = "index.html";

    text = ''
      <html>
        <head>
          <title>${hostname}</title>
        </head>
        <body>
          <h1>${hostname}</title>
        </body>
      </html>
    '';
    destination = "/www";
  };

in {

  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;

    virtualHosts."${hostname}" = {
      enableACME = true;
      forceSSL = true;
      root = wwwRoot + ("/" + "www");
    };
  };

  security.acme.certs = {
    ${hostname}.email = "admin@fudo.org";
  };
}