# NixOS module: serves the static site package `pkgs.my-site` through nginx
# on a single virtual host and requests a TLS certificate for it via ACME.
{ pkgs, ... }:
let
  # Domain used as the nginx virtual host name (and therefore as the
  # certificate name requested through enableACME).
  rootDomain = "dylanblades.net";

  # Currently an alias of rootDomain and not referenced anywhere below.
  hostDomain = rootDomain;
in
{
  # Only HTTP and HTTPS are opened to the network.
  # NOTE(review): port 80 presumably has to stay reachable for the ACME
  # HTTP challenge and for the HTTP->HTTPS redirect that forceSSL sets up;
  # confirm before tightening this list.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Accepts the ACME CA's terms of service on behalf of the operator.
  security.acme.acceptTerms = true;
  # Contact address handed to the ACME CA for this account.
  security.acme.defaults.email = "acme.evict519@simplelogin.com";
  # TODO (author): add logic for extra certificates here for the case where
  # rootDomain and hostDomain are not the same.

  services.nginx = {
    enable = true;

    # TODO (author): hostDomain should really be used here for ACME and
    # rootDomain for my-site. This is not robust and should be changed.
    #
    # NOTE(review): nothing in this module sets TLS hardening options such
    # as services.nginx.recommendedTlsSettings or an HSTS header; confirm
    # whether they are configured elsewhere.
    virtualHosts = {
      "${rootDomain}" = {
        # Plain-HTTP requests are redirected to HTTPS.
        forceSSL = true;
        # Certificate for this host is obtained and renewed via ACME.
        enableACME = true;
        # Document root is the site package.
        # NOTE(review): my-site is presumably supplied by an overlay;
        # it is not defined in this file.
        root = pkgs.my-site;
      };
    };
  };
}