{ config, pkgs, ... }:

{

  services.nginx = {
    virtualHosts."gebner.org" = {
      enableACME = true;
      forceSSL = true;
      root = "/srv/www.gebner.org";
      extraConfig = ''
        access_log /var/log/nginx/website_access.log;

        error_page 404 403 /404.html;

        location / {
          try_files $uri $uri/ @not_found;
        }

        location @not_found {
          try_files /404.cgi =404;
          fastcgi_intercept_errors on;
          fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
        }
      '';
    };
  };

  services.fcgiwrap = {
    enable = true;
    user = "nobody";
    group = "nogroup";
  };
}