{ config, pkgs, ... }:


{

networking.firewall.allowedTCPPorts = [80 443];

services.nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = true;
        virtualHosts."git.stubbe.rocks" = {
#            enableACME = true;
            forceSSL = true;
	    sslCertificate = "/var/lib/acme/git.stubbe.rocks/fullchain.pem";
	    sslCertificateKey = "/var/lib/acme/git.stubbe.rocks/key.pem";
            locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
        };

    };
}