{
  flake.modules.nixos.nginx-oliverdavies-uk =
    { config, ... }:
    let
      domain = "oliverdavies.uk";
      port = 9098;

      redirects = builtins.concatStringsSep "\n" (
        map (r: "rewrite ^${r.from}/?$ ${r.to} redirect;") (import ./_redirects.nix)
      );
    in
    {
      security.acme = {
        acceptTerms = true;

        certs.${domain} = {
          dnsProvider = "cloudflare";
          domain = "${domain}";
          email = "oliver@oliverdavies.uk";
          environmentFile = config.age.secrets.cloudflare.path;
          extraDomainNames = [ "www.${domain}" ];
          webroot = null;
        };
      };

      services.nginx = {
        enable = true;

        virtualHosts."www.${domain}" = {
          root = "/var/www/vhosts/website-sculpin";

          listen = [
            {
              inherit port;

              addr = "localhost";
            }
          ];

          locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";

          extraConfig = ''
            port_in_redirect off;

            # Remove trailing slashes.
            rewrite ^/(.*)/$ /$1 permanent;

            error_page 404 /404;

            rewrite ^/talks/archive/?$ /talks permanent;
            rewrite ^/talks/(.*)$ /presentations/$1 permanent;
            rewrite ^/talks/?$ /presentations permanent;

            ${redirects}
          '';
        };
      };

      services.cloudflared = {
        enable = true;

        tunnels."c1537889-81ac-4d41-b80d-9657f8db30c7" = {
          credentialsFile = config.age.secrets.cloudflared.path;
          default = "http_status:404";
          ingress."www.${domain}" = "http://localhost:${toString port}";
        };
      };
    };
}