{...}: {
  networking.firewall = {
    allowedTCPPorts = [80 443];
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      "vhack.eu" = {
        forceSSL = true;
        enableACME = true;
        root = "/srv/www/vhack.eu";
      };
    };
  };
}