{ webroot }: { config, lib, pkgs, ... }:
let 
fqdn = "crashoverburn.com";
in
{
  users.users.nginx.extraGroups = [ "acme" ];
  security.acme.certs."${fqdn}" = 
  {
    extraDomainNames=  map (x: "${x}.${fqdn}") 
        [
            "pubsub"
            "proxy"
            "upload"
            "conference"
            "social"
            "pics.social"
          ];
    webroot = "/var/lib/acme/acme-challenge/";
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      "${fqdn}" = {
        forceSSL = true;
        enableACME = true;
        #useACMEHost = "crashoverburn.com";
        locations."/".root = webroot;
      };
      "crashoverburn.online" = {
        forceSSL = true;
        #useACMEHost = "crashoverburn.com";
        enableACME = true;
         locations."/".root = webroot;
      };
    };
  };
}