{
  machineConfig,
  config,
  lib,
  pkgs,
  ...
}:

{

  options.zpha.websites."zaphyra.eu".enable = lib.mkEnableOption "";

  config = lib.mkIf config.zpha.websites."zaphyra.eu".enable {
    dns.zones."zaphyra.eu" =
      pkgs.dnsNix.combinators.host machineConfig.networking.ip4Address machineConfig.networking.ip6Address;

    services.nginx.virtualHosts."zaphyra.eu" = {
      useACMEHost = "${config.networking.fqdn}";
      forceSSL = true;
      kTLS = true;
      root = pkgs.zpha.website;
      extraConfig = ''
        location /.well-known/openpgpkey {
            add_header Access-Control-Allow-Origin * always;
        }
      '';
    };
  };

}