{ pkgs, lib, config, ... }:
let
  domain = "mehr-leistbaren-wohnraum-schaffen.cloonar.dev";
  dataDir = "/var/www/${domain}";
in {
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    acmeRoot = null;
    root = "${dataDir}";

    locations."/favicon.ico".extraConfig = ''
      log_not_found off;
      access_log off;
    '';

    locations."/".extraConfig = ''
      index index.html;
    '';

    locations."~* \.(jpe?g|png)$".extraConfig = ''
      set $red Z;

      if ($http_accept ~* "webp") {
          set $red A;
      }

      if (-f $document_root/webp/$request_uri.webp) {
          set $red "''${red}B";
      }

      if ($red = "AB") {
          add_header Vary Accept;
          rewrite ^ /webp/$request_uri.webp;
      }
    '';

    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
     expires 365d;
     add_header Pragma "public";
     add_header Cache-Control "public";
    '';

    locations."~ [^/]\.php(/|$)".extraConfig = ''
      deny all;
    '';
  };
  users.users."mehr-leistbaren-wohnraum-dev" = {
    isNormalUser = true;
    createHome = true;
    home = dataDir;
    homeMode= "770";
    #home = "/home/${domain}";
    group  = "nginx";
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWrkjt5+tIGAi0Q9ViFlFARGxMxoDaxI7lu1AtIlluhOXvJrX33roxV+PF+ky6ZQFcwd5xRy1HkXkfsBJVlRstrZXiqbP9DaSO3arSTQmiezSWgeLD9r3aktsPINgENkMBSUgURVRDaO0B/PA5MylOoijFaxmHEFMa8ZNYwKj/tWKt6+NI9UxUW3fSZXipOohvdzPxoD5YjjlyivtQCbfcpFa46Q08TIiUNEBnSTIKbDuVGgNtKXd5ELRtl7HRcT9iwPfmmVPHVMXREnVma47pABe+54Qrh6N8MzSJLOLJy/kRM2iw/ovxGEWE8rPqaoPszaEPxDEpEmRMyqNb5ZAuWG3NvUOiU5rijSvP8H9QVubJyNC4DHYYeBa1Kw2iAqnzdsneyHz01vVRQh7qa4Aonuzk2VfrW08dJbMC7p6tpvQgkdGLrwetgwZRqdGpbWhRV4s816tuoBFTmM3gDWr5R6CAPmzmykhTi8IbJ5LTua5t7+82wIMA026BNvRbndk="
    ];
  };
  users.groups.${domain} = {};
}