{ pkgs, lib, config, ... }:
let
  domain = "module.paraclub.cloonar.dev";
  dataDir = "/var/www/${domain}";
in {
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    acmeRoot = null;
    root = "${dataDir}";

    locations."/favicon.ico".extraConfig = ''
      log_not_found off;
      access_log off;
    '';

    locations."/".extraConfig = ''
      index index.html;
      try_files $uri $uri/ /index.html$is_args$args;
    '';

    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
     expires 365d;
     add_header Pragma "public";
     add_header Cache-Control "public";
    '';

    locations."~ [^/]\.php(/|$)".extraConfig = ''
      deny all;
    '';
  };
  users.users."${domain}" = {
    isNormalUser = true;
    createHome = true;
    home = dataDir;
    homeMode= "770";
    #home = "/home/${domain}";
    group  = "nginx";
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwgjsgjxOSX4ZeLuhSq+JumnEa1bKS3fwlA8LDuxvOWXs2Zn4Hwa04ZuM59jzqifwGGMJOFxErm8+5oH2QQFa0wgg8zEG+2U1AzjMNk5+mxrhnLPGAMlnqXmkGi0Jj2nFwKaEM9kcO5UUqRP71BFdGtP74wRcaVpT4TTPzCQl1HTdwzmAOT+3yQ364kyAHXTwQOAjiFcSAlNfZ5C2eeNC642bv6Dfi6mMWi55tdNV6HUn7y2cbq8wscDG7gla8bN3xivuO6POWqyCpHtLxDhppLYJ28ZwqpcynRAXDnVYlT3DmPw1bDs/eBlkjauGR/oM8phka3No3cREBYpSWK7mJeqIIWSV0Z4dvFLeWh6MM4AVhX3HOW7jcxf2tUmpzre6S10HjXj3lLES7oJO4uOYoJWxaGcqFiUc9BOxqLN9FqECXuzfC0apCr0OYm5T2NsSmzlkBPzCa2EqBBI0u5XGcDKgpBA4gD8kuD+8Cj5DxPzXP+IdX1jhHRVsI5nucTvM="
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0j0teJ1v7Ke2NYVWlHOd4sYBiE8uLHAtY+Myi7g267"
    ];
  };
  users.groups.${domain} = {};
}