{
  lib,
  config,
  ...
}:
let
  cfg = config.machine.code-server;
in
with lib;
mkIf cfg.enable {
  services.nginx.virtualHosts = mkIf (cfg.domain != null) {
    ${cfg.domain} = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString cfg.port}";
        proxyWebsockets = true;
        extraConfig = ''
          proxy_set_header X-Real-IP         $remote_addr;
          proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_read_timeout                 86400;
          proxy_send_timeout                 86400;
        '';
      };
    };
  };
}