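# NixOS module: declares a container named "https" that runs nginx for
# "<hostname>.fudo.link" with an ACME-issued certificate and forced HTTPS.
#
# Reads two options from the *host* configuration: `config.hostname` and
# `config.adminEmail`. Neither is declared in this file, so they are presumably
# custom options defined elsewhere in the repository (confirm).
{ config, pkgs, ... }:

{
  containers.https = let
    hostname = "${config.hostname}.fudo.link";

    # Captured here because the container module below is evaluated against the
    # container's own option set; `adminEmail` is a host option and would not
    # resolve if looked up through the container's `config`.
    adminEmail = config.adminEmail;

    # Host-side directory shared with the container.
    incomingCertDir = "/srv/${config.hostname}/certs";

    # Mount point inside the container.
    # NOTE(review): the NixOS ACME module keeps its state under /var/lib/acme by
    # default, not /etc/letsencrypt/live -- confirm this is the directory that
    # should be shared with the host.
    containerCertsDir = "/etc/letsencrypt/live";
  in {
    autoStart = true;

    # `bindMounts` is an attribute set keyed by the mount point inside the
    # container, not a list. The original also referenced `incomingCertsDir`,
    # which was never bound (the let-binding is `incomingCertDir`).
    #
    # The mount is writable, so the container can create and modify files under
    # the host path. Certificate private keys may end up there: keep the host
    # directory owned by a dedicated user and not world-readable.
    bindMounts = {
      "${containerCertsDir}" = {
        hostPath = incomingCertDir;
        isReadOnly = false;
      };
    };

    # Configuration of the container itself. The host `config` is deliberately
    # not shadowed here; everything needed from the host comes from the `let`
    # bindings above.
    config = { pkgs, ... }: {
      environment.systemPackages = with pkgs; [ nginx ];

      services.nginx = {
        enable = true;
        virtualHosts."${hostname}" = {
          enableACME = true;
          forceSSL = true; # plain HTTP requests are redirected to HTTPS
          root = "/var/www";
        };
      };

      # `security.acme` is a top-level option; it was previously nested inside
      # `services.nginx`, where no such option exists.
      # NOTE(review): recent NixOS releases also require
      # `security.acme.acceptTerms = true;`. Set it deliberately after reading
      # the CA's terms of service.
      security.acme.certs = {
        "${hostname}".email = adminEmail;
      };
    };
  };
}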