{
  services.nginx = {
    enable = true;

    # enable all recommended settings
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    # set a reasonable default
    clientMaxBodySize = "64m";

    virtualHosts = {
      "_" = {
        addSSL = true;
        useACMEHost = ".514fpv.io";
        extraConfig = "return 444;";
      };

      "home.514fpv.io" = {
        useACMEHost = ".514fpv.io";
        addSSL = true;
        extraConfig = ''
          proxy_buffering off;
        '';
        locations."/" = {
          proxyPass = "http://127.0.0.1:8123";
          proxyWebsockets = true;
        };
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}