{ pkgs, config, ... }:
{
  virtualisation.oci-containers.containers = {
    safe-twitch-frontend = {
      image = "codeberg.org/safetwitch/safetwitch:latest";
      ports = [
        "8280:8280"
      ];
      environment = {
        SAFETWITCH_BACKEND_DOMAIN = "sf.${config.networking.domain}";
        SAFETWITCH_INSTANCE_DOMAIN = "safetwitch.${config.networking.domain}";
        SAFETWITCH_HTTPS = "true";
        SAFETWITCH_DEFAULT_LOCALE = "en";
        SAFETWITCH_FALLBACK_LOCALE = "en";
      };
    };
    safetwitch-backend = {
      image = "codeberg.org/safetwitch/safetwitch-backend:latest";
      ports = [
        "7100:7100"
      ];
      environment = {
        URL = "https://sf.${config.networking.domain}";
        PORT = "7100";
      };
    };
  };
  services.nginx = {

    virtualHosts = {
      "safetwitch.${config.networking.domain}" = {
        forceSSL = true;
        enableACME = true;

        locations."/" = {
          proxyPass = " http://127.0.0.1:8280";
        };
        extraConfig = ''
          access_log /var/log/nginx/$server_name-access.log json_analytics;
        '';
      };
      "sf.${config.networking.domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = " http://127.0.0.1:7100";
        };
      };
    };
  };
}