{...}: { security.acme = { acceptTerms = true; defaults.email = "personal+letsencrypt@peprolinbot.com"; }; networking.firewall.allowedTCPPorts = [80 443]; services.nginx = { enable = true; # Use recommended settings recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { "ha.campares.duckdns.org" = { forceSSL = true; enableACME = true; extraConfig = '' proxy_buffering off; ''; locations."/" = { proxyPass = "http://[::1]:8123"; proxyWebsockets = true; }; }; "wg.campares.duckdns.org" = { forceSSL = true; enableACME = true; extraConfig = '' proxy_buffering off; ''; locations."/" = { proxyPass = "http://[::1]:8000"; proxyWebsockets = true; }; }; }; }; }