{ config, pkgs, ... }:
{
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;

    virtualHosts."itamar.site" = {
      enableACME = true;
      forceSSL   = true;
      root       = "/var/www/itamar.site";

      locations."/" = {
        tryFiles = "$uri $uri/ =404";
      };
    };
  };
}