{ config, ... }:

let
  name = "ponthirtaekwondo.co.uk";
  ports = config.homelab.ports;
  port = ports.nginx.ponthir-taekwondo;
in
{
  security.acme.certs = {
    "ponthirtaekwondo.co.uk" = {
      domain = "ponthirtaekwondo.co.uk";
      dnsProvider = "cloudflare";
      email = "oliver@oliverdavies.uk";
      environmentFile = config.age.secrets.cloudflare.path;
      webroot = null;

      extraDomainNames = [
        "www.ponthirtaekwondo.co.uk"
      ];
    };
  };

  services = {
    nginx.virtualHosts = {
      "www.${name}" = {
        root = "/var/www/vhosts/${name}";

        listen = [
          {
            inherit port;

            addr = "localhost";
          }
        ];

        locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";

        extraConfig = ''
          port_in_redirect off;

          # Remove trailing slashes.
          rewrite ^/(.*)/$ /$1 permanent;
        '';
      };
    };

    cloudflared.tunnels."e1514105-327f-4984-974e-e2fbaca76466".ingress = {
      "www.ponthirtaekwondo.co.uk" = "http://localhost:${toString port}";
    };
  };
}