{ lib, user, ... }:
let keys = [
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQNlGt62dBMojVCX7EUIia+wfSDfLzV4YCPi8SZ2xrp elnu@elnu.com"
]; in
{
  imports = [
    ./hardware-configuration.nix
    # Remember to update for new instances
    ./networking.nix # generated at runtime by nixos-infect
  ];
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 443 ];
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "elnu@elnu.com";
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      "default" = {
        default = true;
        serverName = null;
        # https://stackoverflow.com/a/42802777
        locations."/".return = "444";
      };
      "jichan.org" = {
        extraConfig = ''
          error_page 502 /502.html;
        '';
        locations = {
          "/" = {
            proxyPass = "http://127.0.0.1:8000";
            proxyWebsockets = true;
          };
          "/502.html".root = "${./hosts/jichan.org}";
          "/logo.svg".root = "${./hosts/jichan.org}";
          "/missing.min.css".root = "${./hosts/jichan.org}";
        };
      };
    };
  };
  services.do-agent.enable = true;
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = keys;
  users.users.${user}.openssh.authorizedKeys.keys = keys;
}