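# NixOS module: nginx front end for the thearcanebrony.net / rory.gay sites.
# Every virtual host lives in its own file and is imported below; this file
# holds the settings they share plus the systemd and ACME glue.
{ config, pkgs, lib, ... }:

let
  # Builds a static-site vhost from { path, ssl ? true }.
  #   path - document root (required; evaluation aborts without it)
  #   ssl  - when false, disables both the ACME certificate and the TLS listener
  # NOTE(review): nothing in this file references serveDir, and the vhost files
  # are loaded with a plain `import`, so they cannot see this binding either.
  # `addSSL` serves the site over HTTP and HTTPS side by side with no redirect;
  # `forceSSL` is the option to use if plain HTTP should only redirect.
  serveDir = site: {
    enableACME = site.ssl or true;
    addSSL = site.ssl or true;
    root = site.path or (builtins.throw "path is required");
    locations = {
      "/" = {
        index = "index.html";
      };
    };
  };
in
{
  services.nginx = {
    enable = true;
    package = pkgs.nginxQuic;

    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedZstdSettings = true;
    recommendedGzipSettings = true;
    recommendedBrotliSettings = true;
    recommendedOptimisation = true;

    defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;

    # Main-context directives.
    appendConfig = ''
      worker_processes 16;
    '';

    # events { } context.
    eventsConfig = ''
      #use kqueue;
      worker_connections 512;
    '';

    # http { } context.
    # `disable_symlinks off` is nginx's default: symlinks inside a served root
    # are followed, so anything able to write into a web root can link to files
    # outside it that the nginx user can read. `if_not_owner` is the stricter
    # setting -- NOTE(review): confirm no served root relies on links whose
    # owner differs from the target before tightening.
    # The log format is the combined format plus the vhost ($host and
    # $server_name), because every site writes to the same access log.
    appendHttpConfig = ''
      #sendfile on;
      disable_symlinks off;
      log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name"} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
      access_log /var/log/nginx/access.log combined_vhosts;
    '';

    upstreams = import ./matrix-upstreams.nix;
    additionalModules = with pkgs.nginxModules; [ moreheaders ];

    # One file per site. TLS, ACME and location settings are decided inside
    # each imported file, not here.
    virtualHosts = {
      "siliconheaven.thearcanebrony.net" = import ./thearcanebrony.net/siliconheaven.nix;
      "lfs.thearcanebrony.net" = import ./thearcanebrony.net/lfs.nix;
      "http.thearcanebrony.net" = import ./thearcanebrony.net/http.nix;
      "thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
      "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
      "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
      "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
      "git.thearcanebrony.net" = import ./thearcanebrony.net/git.nix;
      "files.thearcanebrony.net" = import ./thearcanebrony.net/files.nix;
      "spigotav.thearcanebrony.net" = import ./thearcanebrony.net/spigotav.nix;
      "terra.thearcanebrony.net" = import ./thearcanebrony.net/terra.nix;
      "vives.thearcanebrony.net" = import ./thearcanebrony.net/vives.nix;

      "rory.gay" = import ./rory.gay/root.nix;
      #"rory.boo" = import ./rory.gay/root.nix;
      "lfs.rory.gay" = import ./rory.gay/lfs.nix;
      "git.rory.gay" = import ./rory.gay/git.nix;
      "cgit.rory.gay" = import ./rory.gay/cgit.nix;
      #"tunnel.rory.boo" = import ./rory.boo/tunnel.nix;

      "boorunav.com" = import ./boorunav.com/root.nix;
      "catgirlsaresexy.com" = import ./catgirlsaresexy.com/root.nix;
      "sugarcanemc.org" = import ./sugarcanemc.org/root.nix;
      #"jitsi.rory.gay" = import ./rory.gay/jitsi.nix;

      #matrix...
      "conduit.rory.gay" = import ./rory.gay/conduit.nix;
      "matrix.rory.gay" = import ./rory.gay/matrix.nix;
      "matrix-rory-gay.localhost" = import ./localhost/matrix-rory-gay.nix;
      "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
      "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
      "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
      "mru.rory.gay" = import ./rory.gay/mru.nix;

      #bots...
      # Every bot hostname shares the same vhost definition.
      "0bottests.bots.rory.gay" = import ./rory.gay/bots.nix;
      "catnipbot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "impulsyeeter.bots.rory.gay" = import ./rory.gay/bots.nix;
      "omnibot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "yatopiawatchdog.bots.rory.gay" = import ./rory.gay/bots.nix;
      "playground.bots.rory.gay" = import ./rory.gay/bots.nix;
      "kinobot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "siliconbotpublic.bots.rory.gay" = import ./rory.gay/bots.nix;
      "thearcanebot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "anonbot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "hericanbot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "siliconbot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "impulsbot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "studiobot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "carsnbots.bots.rory.gay" = import ./rory.gay/bots.nix;
      "binsh.bots.rory.gay" = import ./rory.gay/bots.nix;
      "fosscordbot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "sugarcanebot.bots.rory.gay" = import ./rory.gay/bots.nix;
      "gradbot.bots.rory.gay" = import ./rory.gay/bots.nix;
    };
  };

  systemd.services.nginx = {
    # NOTE(review): with 16 workers x 512 connections configured above, this
    # descriptor limit looks far larger than nginx can use; a lower value would
    # bound the damage of a descriptor leak. Value left unchanged.
    serviceConfig = {
      LimitNOFILE = 5000000;
    };

    # nginx must not run without the data mount.
    requires = [ "data.mount" ];
    # Requires= only pulls the unit in; it does not order the two. Without
    # After=, nginx may start while the mount is still being set up and serve
    # from the empty mountpoint directory underneath it.
    after = [ "data.mount" ];
  };

  security.acme.acceptTerms = true;
  # Contact address registered with the ACME CA for the certificates above.
  security.acme.defaults.email = "root@thearcanebrony.net";

  environment.systemPackages = with pkgs; [
    #gitfs
  ];
}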