# NixOS module: nginx front end plus a single shared PHP-FPM pool for the
# sites listed at the bottom. Each site's vhost definition lives in
# ./www/<host>.nix.
{ pkgs, config, ... }:
let
  # Account nginx runs as; reused below for the PHP-FPM pool and its socket.
  webUser = config.services.nginx.user;
  webGroup = config.services.nginx.group;

  # Build the attrset for services.nginx.virtualHosts from a list of host
  # names: every name becomes a key whose value is the result of calling
  # ./www/<host>.nix.
  vhostsFor = hostNames:
    builtins.listToAttrs (map (host: {
      name = host;
      value = import ./www/${host}.nix {
        # A plain import bypasses the module system, so the arguments each
        # site file needs are handed over explicitly.
        inherit pkgs;
        phpsock = config.services.phpfpm.pools.nginx.socket;
      };
    }) hostNames);
in
{
  # Expose HTTP and HTTPS.
  # NOTE(review): whether port 80 only redirects to HTTPS is decided inside
  # the ./www/*.nix files, which are not visible here - confirm.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # One PHP-FPM pool shared by every PHP site.
  # NOTE(review): the workers run as the nginx user/group, so PHP code from
  # any of the sites has the same file access as the web server and as each
  # other site. A dedicated pool user (keeping listen.owner/listen.group on
  # the nginx account so nginx can still connect) would separate them.
  services.phpfpm.pools.nginx = {
    user = webUser;
    group = webGroup;
    phpPackage = pkgs.php;
    settings = {
      # Socket is reachable by the nginx user and group only (0660, no
      # access for "other").
      "listen.owner" = webUser;
      "listen.group" = webGroup;
      "listen.mode" = "0660";
      # Small dynamic pool; pm.max_children caps concurrent PHP requests
      # at 5.
      "pm" = "dynamic";
      "pm.max_children" = 5;
      "pm.start_servers" = 2;
      "pm.min_spare_servers" = 1;
      "pm.max_spare_servers" = 3;
    };
  };

  services.nginx = {
    enable = true;
    # nixpkgs presets for TLS, general tuning and compression.
    # NOTE(review): gzip on dynamic HTTPS responses that mix secrets with
    # reflected input is the BREACH precondition - check the PHP sites.
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    virtualHosts = vhostsFor [
      "squi.bid"
      "5438.squi.bid"
      "voidpkgs.squi.bid"
    ];
  };
}