{ config, ... }:

{
  imports = [
    ./forgejo.nix

    ./sync
  ];

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    virtualHosts = {
      "eriedaberrie.me" = {
        forceSSL = true;
        enableACME = true;
        acmeRoot = null;
        serverAliases = [ "www.eriedaberrie.me" ];
        locations."/".proxyPass = "http://127.0.0.1:8080/";
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "eriedaberrie@gmail.com";
    certs = {
      "eriedaberrie.me" = {
        dnsProvider = "porkbun";
        credentialsFile = config.age.secrets.porkbun-auth.path;
        extraDomainNames = [
          "www.eriedaberrie.me"
        ];
      };
    };
  };
}