{ pkgs, lib, ... }:
let
  sites = [
    "/NdS"
    "/2048"
    "/prez"
    "/known"
    "/pub"
  ];
in
{

  services.nginx.enable = true;
  services.nginx.virtualHosts = {
    "new.hackens.org" = {
      forceSSL = true;
      enableACME = true;
      locations = lib.genAttrs sites (name: {
        root = "/var/www";
        extraConfig = "autoindex on;";
      });
    };
    # Legacy redirections
    #"known.hackens.org" = {
    #  forceSSL = true;
    #  enableACME = true;
    #  extraConfig = ''
    #    return 301 $scheme://hackens.org/known$request_uri;
    #    '';
    #};
    #"nds.hackens.org" = {
    #  forceSSL = true;
    #  enableACME = true;
    #  extraConfig = ''
    #    return 301 $scheme://hackens.org/known$request_uri;
    #    '';
    #};
    #"prez.hackens.org" = {
    #  forceSSL = true;
    #  enableACME = true;
    #  extraConfig = ''
    #    return 301 $scheme://hackens.org/prez$request_uri;
    #    '';
    #};
    #"pub.hackens.org" = {
    #  forceSSL = true;
    #  enableACME = true;
    #  extraConfig = ''
    #    return 301 $scheme://hackens.org/pub$request_uri;
    #    '';
    #};
    #"2048.hackens.org" = {
    #  forceSSL = true;
    #  enableACME = true;
    #  extraConfig = ''
    #    return 301 $scheme://hackens.org/2048$request_uri;
    #    '';
    #};

  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}