{ lib, ... }:
{
	imports = [ ../../../common/services/nginx.nix ];
	services.nginx.virtualHosts = {
		"nixaalb.org" = {
			enableACME = true;
			forceSSL = true;
			root = "/var/www/nixaalb.org/public";
		};
		"mta-sts.nixaalb.org" = {
			enableACME = true;
			forceSSL = true;
			root = "/var/www/mta-sts/public";
		};
		"ag6mlqzpyswq3oogpnuykgllnv5gevjew6dshzmotwgnpo5jw2jqltad.onion" = {
			# TODO: Do this with unix sockets instead
			listen = [ {
								addr = "[::1]";
								port = 8080;
							} ];
			root = "/var/www/nixaalb.org/public";
		};
	};

	
	systemd.services.nginx.serviceConfig = {
		PrivateTmp = lib.mkForce "false";
	};
}