{ webroot }: { config, lib, pkgs, ... }:
let
  fqdn = "crashoverburn.com";
in
{
  users.users.nginx.extraGroups = [ "acme" ];
 /* security.acme.certs."${fqdn}" =
    {
      extraDomainNames = map (x: "${x}.${fqdn}")
        [
          "pubsub"
          "proxy"
          "upload"
          "conference"
          "social"
          "pics.social"
        ];
      #   webroot = "/var/lib/acme/acme-challenge/";
    };*/
  services.nginx = {
    enable = true;
    virtualHosts = {
      "${fqdn}" = {
        forceSSL = true;
        #enableACME = true;
        useACMEHost = "crashoverburn.com";
        locations."/".root = webroot;
      };
      #      "crashoverburn.online" = {
      #        forceSSL = true;
      #        useACMEHost = "crashoverburn.com";
      #enableACME = true;
      #         locations."/".root = webroot;
      #      };
    };
  };
}