{ 
  config,
  pkgs,
  lib,
  secrets,
  spacebar-server,
  containerName,
  rootDomain,
  ...
}:

{
  containers."${containerName}" = import ./container.nix {
    inherit pkgs lib spacebar-server;
  };

  security.acme.certs."${rootDomain}" = {
    domain = "${rootDomain}";
    extraDomainNames = [ "*.${rootDomain}" ];
    group = "nginx";
    dnsProvider = "cloudflare";
    credentialsFile = pkgs.writeTextFile {
      name = "cloudflare-credentials";
      text = ''
        # Cloudflare API credentials used by lego
        # https://go-acme.github.io/lego/dns/cloudflare/
        CLOUDFLARE_DNS_API_TOKEN=${secrets.secret_keys.cloudflare_dns}
      '';
    };
  };

  services.nginx.virtualHosts."*.${rootDomain}" = {
    serverName = "*.${rootDomain}";
    useACMEHost = "${rootDomain}";
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://${containerName}.containers";
    };
  };
  services.nginx.virtualHosts."${rootDomain}" = {
    serverName = "${rootDomain}";
    useACMEHost = "${rootDomain}";
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://${containerName}.containers";
    };
  };

  system.stateVersion = "22.11"; # DO NOT EDIT!
}