{ config, pkgs, ... }:
let domain = config.networking.domain;
in {
  security.acme.certs.${domain} = {
    credentialsFile = pkgs.writeText "namesilo.env" ''
      NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key
      NAMESILO_PROPAGATION_TIMEOUT=1800
    '';
    dnsProvider = "namesilo";
    extraDomainNames = [
      "*.ipfs.${domain}"
      "*.ipns.${domain}"
    ];
    webroot = null;
  };

  services = {
    ipfs = {
      enable = true;
      enableGC = true;
      extraConfig.GateWay = {
        NoFetch = true;
        PublicGateways.${domain} = {
          Paths =  [ "/ipfs" "/ipns" ];
          UseSubdomains = true;
        };
      };
    };

    nginx.virtualHosts = let
      ipfsGateway = "http://localhost:8080";
      ipfsProxy = {
        forceSSL = true;
        locations."/".proxyPass = ipfsGateway;
        useACMEHost = domain;
      };
    in {
      "${domain}".locations = {
        "/ipfs".proxyPass = ipfsGateway;
        "/ipns".proxyPass = ipfsGateway;
      };
      "*.ipfs.${domain}" = ipfsProxy;
      "*.ipns.${domain}" = ipfsProxy;
      "ipwhl.${domain}" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = ipfsGateway;
      };
    };
  };
}