{inputs, ...}:
let
  striped-front = inputs.striped-front;
in {

  networking.firewall.allowedTCPPorts = [ 80 443 8448 ];

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = 
    let
      mkStarr = host: port: {
        "${host}" = {
          enableACME = true;
          forceSSL = true;

          locations."/" = {
            proxyPass = "http://10.0.0.4:${port}";
            proxyWebsockets = true;
            extraConfig = ''
              proxy_ssl_server_name on;
              proxy_read_timeout 4800s;
            '';
          }; 
        };
      };
    in
    (
      mkStarr "jellyfin.shobu.fr" "8096"
      // mkStarr "radarr.shobu.fr" "7878"
      // mkStarr "sonarr.shobu.fr" "8989"
      // mkStarr "prowlarr.shobu.fr" "9696"
      // mkStarr "bazarr.shobu.fr" "6767"
      // mkStarr "jellyseerr.shobu.fr" "5055"
      // mkStarr "fileshelter.shobu.fr" "5091"
      // mkStarr "lidarr.shobu.fr" "8686"
      // mkStarr "transmission.shobu.fr" "9091"
      // mkStarr "zimablade-admin.shobu.fr" "61208"
      // {
        "shobu.fr" = {
          enableACME = true;
          forceSSL = true;

          root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist";
        };
        "data.shobu.fr" = {
          enableACME = true;
          forceSSL = true;

          root = "/mnt/shares/data";
        };
        "bddtrans.shobu.fr" = {
          enableACME = true;
          forceSSL = true;

          locations."/" = {
            proxyPass = "http://10.0.0.4:8001";
            extraConfig = ''
              proxy_ssl_server_name on;
            '';
          };
        };
        "bddtrans-api.shobu.fr" = {
          enableACME = true;
          forceSSL = true;

          locations."/" = {
              proxyPass = "http://10.0.0.4:8000";
            proxyWebsockets = true;
            extraConfig = ''
              proxy_ssl_server_name on;
            '';
          };
        };
        "striped.shobu.fr" = {
          enableACME = true;
          forceSSL = true;

          root = "${striped-front.packages.x86_64-linux.default}/dist";
        };
        "dashboard.shobu.fr" = {
          enableACME = true;
          forceSSL = true;

          locations."/" = {
            proxyPass = "http://10.0.0.4:8082";
          };
        };
        "git.shobu.fr" = {
          enableACME = true;
          forceSSL = true;

          locations."/" = {
            proxyPass = "http://10.0.0.4:3000";
          };
        };
        "files.shobu.fr" = {
          enableACME = true;
          forceSSL = true;

          locations."/" = {
            proxyPass = "http://10.0.0.4:8086";
          };
        };
        # "matrix.shobu.fr" = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/".extraConfig = ''
        #     return 404;
        #   '';
        #   locations."/_matrix".proxyPass = "http://10.0.0.4:8008";
        #   locations."/_synapse/client".proxyPass = "http://10.0.0.4:8008";
        #   locations."/.well-known/matrix/server".proxyPass = "http://10.0.0.4:8008/.well-known/matrix/server";
        # };
      }
    );
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "shobu_serhao@proton.me";
  };
}