{ ... }:
{
  services.nginx = {
    enable = true;
    virtualHosts = {
      "mail-1.grzb.de" = {
        listen = [{
          addr = "0.0.0.0";
          port = 80;
        }];
        locations."/" = {
          # proxy port 80 to mail server nginx for acme http challange
          proxyPass = "http://172.18.50.2:80";
        };
      };
      "status.nekover.se" = {
        forceSSL = true;
        enableACME = true;
        listen = [
          {
            addr = "0.0.0.0";
            port = 80;
          }
          {
            addr = "0.0.0.0";
            port = 443;
            ssl = true;
          }
        ];
        locations."/" = {
          proxyPass = "http://localhost:3001";
          proxyWebsockets = true;
        };
      };
    };
  };
}