{
  services.nginx = {
    enable = true;

    # enable all recommended settings
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    # set a reasonable default
    clientMaxBodySize = "64m";

    virtualHosts = {
      "_" = {
        addSSL = true;
        useACMEHost = ".sf.514fpv.io";
        extraConfig = "return 444;";
      };
    };
  };

  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}