{
  lib,
  config,
  modulesPath,
  ...
}:

let
  inherit (lib) mkVMOverride mapAttrs' filterAttrs;

in
{
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];

  services.nginx.virtualHosts =
    let
      value = {
        forceSSL = mkVMOverride false;
        enableACME = mkVMOverride false;
      };
    in
    mapAttrs' (bucket: _: {
      name = config.fediversity.internal.garage.web.domainForBucket bucket;
      inherit value;
    }) (filterAttrs (_: { website, ... }: website) config.fediversity.garage.ensureBuckets);

  virtualisation.diskSize = 2048;
  virtualisation.forwardPorts = [
    {
      from = "host";
      host.port = config.fediversity.internal.garage.rpc.port;
      guest.port = config.fediversity.internal.garage.rpc.port;
    }
    {
      from = "host";
      host.port = config.fediversity.internal.garage.web.internalPort;
      guest.port = config.fediversity.internal.garage.web.internalPort;
    }
  ];
}