{ inputs, config, pkgs, ... }:
{
  security.acme = {
    acceptTerms = true;
    defaults.email = "jade@schrottkatze.de";
    certs = {
      "schrottkatze.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
      "vw.schrottkatze.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
      "wolke.schrottkatze.de" = {
        group = "nginx";
        keyType = "rsa2048";
      };
    };
  };

  environment.systemPackages = [ inputs.meowsite.packages."x86_64-linux".default ];

  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      "schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
        root = "${inputs.meowsite.packages."x86_64-linux".default}";
      };
      "vw.schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:8812"; #changed the default rocket port due to some conflict
          proxyWebsockets = true;
        };
        locations."/notifications/hub" = {
          proxyPass = "http://localhost:3012";
          proxyWebsockets = true;
        };
        locations."/notifications/hub/negotiate" = {
          proxyPass = "http://localhost:8812";
          proxyWebsockets = true;
        };
      };
      "wolke.schrottkatze.de" = {
        forceSSL = true;
        enableACME = true;
      };
    };
  };
}