{ config, pkgs, ... }:

{
  nixpkgs.config.allowUnfree = true;

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.jenkins.enable = true;

  services.outline = {
    enable = true;
    storage.storageType = "local";
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  services.nginx.virtualHosts."outline.ktiu.net" = {
    addSSL = true;
    enableACME = true;
    root = "/var/www/myhost.org";
    locations."/" = {
      proxyPass = "http://127.0.0.1:3000";
      extraConfig = 
        "proxy_set_header Upgrade $http_upgrade;" +
        "proxy_set_header Connection \"Upgrade\";" +
        "proxy_set_header Host $host;" +
        "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header Host $host;" +
        "proxy_set_header X-Real-IP $remote_addr;" +
        "proxy_set_header X-Scheme $scheme;" +
        "proxy_set_header X-Forwarded-Proto $scheme;" +
        "proxy_redirect off;"
      ;
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "till@ktiu.net";
  };

}