{config, ...}: let
  customDomain = config.customOps.domain.fqdn;
  hostname = config.networking.hostName;
in {
  networking = {
    enableIPv6 = true;
    firewall = {
      logRefusedPackets = true;
      allowedTCPPorts = [80 443];
    };
  };

  services.nginx.virtualHosts."${hostname}.${customDomain}" = {
    default = true;
    locations."/".return = 204;
    forceSSL = true;
    enableACME = true;
  };
}