{ pkgs, ... }: 
{
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "jade@schrottkatze.de";
      server = "https://acme-staging-v02.api.letsencrypt.org/directory";
      webroot = "/var/lib/acme/acme-challenge";
    };
    certs = {
      "meet.katzen.cafe" = {
        group = "nginx";
        keyType = "rsa4096";
      };
      "wiki.phtanum-b.katzen.cafe" = {
        group = "nginx";
        keyType = "rsa4096";
      };
    };
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      "wiki.phtanum-b.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8080";
        };
      };
      "auth.katzen.cafe" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8097";
        };
      };
    };

  };
}