{
  services.nginx.enable = true;

  services.nginx.virtualHosts."www.oid.foundation" = {
    useACMEHost = "oid.foundation";
    forceSSL = true;
    globalRedirect = "oid.foundation";
  };

  services.nginx.virtualHosts."oid.foundation" = {
    enableACME = true;
    forceSSL = true;
    root = "/var/www/oid.foundation";

  };

  services.nginx.virtualHosts."fediversity.eu" = {
    useACMEHost = "www.fediversity.eu";
    forceSSL = true;
    globalRedirect = "www.fediversity.eu";
    locations."/.well-known/matrix/client" = {
      extraConfig = ''
        return 200 '{"m.homeserver": {"base_url": "https://matrix.fediversity.eu", "public_baseurl": "https://matrix.fediversity.eu"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
        add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
      '';
    };
    locations."/.well-known/matrix/server" = {
      extraConfig = ''
        return 200 '{"m.server": "matrix.fediversity.eu:443"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
        add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
      '';
    };
  };

  services.nginx.virtualHosts."www.fediversity.eu" = {
    enableACME = true;
    forceSSL = true;
    root = "${(import ../../website { }).build}";
    locations."/.well-known/matrix/client" = {
      extraConfig = ''
        return 200 '{"m.homeserver": {"base_url": "https://matrix.fediversity.eu", "public_baseurl": "https://matrix.fediversity.eu"}}';
        default_type application/json;
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
        add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
      '';
    };
    locations."/.well-known/matrix/server" = {
      extraConfig = ''
        return 200 '{"m.server": "matrix.fediversity.eu:443"}';
        default_type application/json;
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
        add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
      '';
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "beheer@procolix.com";
    certs."www.fediversity.eu".extraDomainNames = [ "fediversity.eu" ];
    certs."oid.foundation".extraDomainNames = [ "www.oid.foundation" ];
  };
}