{ pkgs, ... }: 
{
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "jade@schrottkatze.de";
      webroot = "/var/lib/acme/acme-challenge";
    };
    certs = {
      #"meet.katzen.cafe" = {
        #group = "nginx";
        #keyType = "rsa4096";
      #};
      #"wiki.phtanum-b.katzen.cafe" = {
        #group = "nginx";
        #keyType = "rsa4096";
      #};
      "auth.katzen.cafe" = {
        group = "nginx";
        keyType = "rsa4096";
      };
    };
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      #"wiki.phtanum-b.katzen.cafe" = {
        #forceSSL = true;
        #enableACME = true;
        #locations."/" = {
          #proxyPass = "http://127.0.0.1:8080";
        #};
      #};
      "auth.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8097";
        };
      };
    };

  };
}