#
# Nginx default virtual host and ACME wildcard certificate (DNS-01)
#

{ config, lib, pkgs, ... }:

{
  # Purpose of this module:
  #   * run nginx with a single catch-all HTTPS virtual host that answers 503,
  #   * obtain a wildcard certificate through the ACME DNS-01 challenge,
  #   * open the firewall for HTTP/HTTPS only,
  #   * provide the DNS-provider credentials to the ACME client via agenix.

  # --- nginx ---------------------------------------------------------------
  services.nginx.enable = true;

  # NixOS-maintained presets for proxy headers, TLS parameters, gzip and
  # general tuning.
  services.nginx.recommendedProxySettings = true;
  services.nginx.recommendedTlsSettings = true;
  services.nginx.recommendedGzipSettings = true;
  services.nginx.recommendedOptimisation = true;

  services.nginx.virtualHosts."home.opel-online.de" = {
    # Default server: requests whose Host header matches no other virtual
    # host end up here and get a plain 503.
    default = true;
    # Redirect plain HTTP to HTTPS.
    forceSSL = true;
    # Use the ACME certificate named after this virtual host (configured
    # under security.acme.certs in this module).
    enableACME = true;
    locations."/" = {
      return = "503";
    };
  };

  # --- ACME ----------------------------------------------------------------
  security.acme.acceptTerms = true;

  security.acme.defaults = {
    email = "webmaster@opel-online.de";
    # Uncomment to issue against the Let's Encrypt staging endpoint while
    # testing:
    # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
    # Resolver used by the ACME client for its DNS checks.
    dnsResolver = "9.9.9.9:53";
  };

  security.acme.certs."home.opel-online.de" = {
    # Wildcard names can only be validated with the DNS-01 challenge.
    # NOTE(review): only the wildcard is listed; a wildcard does not match the
    # bare "home.opel-online.de", which is the server name of the nginx virtual
    # host in this module. Confirm whether the apex should be added through
    # extraDomainNames.
    # NOTE(review): the private key of a wildcard certificate is valid for
    # every host below the zone, so its exposure affects all of them; keep
    # read access to the certificate directory as narrow as possible.
    domain = "*.home.opel-online.de";
    dnsProvider = "netcup";
    # Credentials for the DNS provider API, decrypted by agenix at activation.
    # They allow changes to DNS records, so they must stay readable by the
    # ACME user only.
    environmentFile = config.age.secrets."services/acme/opel-online".path;
    # enableACME on the nginx virtual host supplies a webroot for HTTP-01;
    # clear it so that dnsProvider is the only challenge method configured.
    webroot = null;
  };

  # --- Firewall --------------------------------------------------------------
  # Only HTTP and HTTPS are reachable. Port 80 serves the forceSSL redirect;
  # certificate validation happens over DNS and does not depend on it.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [  ];

  # --- Secrets ---------------------------------------------------------------
  age.secrets = {
    "services/acme/opel-online" = {
      file = ../../../secrets/services/acme/opel-online.age;
      # Owned by the ACME service user. No mode is set here, so agenix's
      # default file mode applies.
      owner = "acme";
    };
  };

}