{ config, lib, pkgs, ... }: let shortdomain = "i4f.de"; redirects = [ (short "d" "discuss.infra4future.de") (short "m" "mattermost.infra4future.de") (short "c" "cloud.infra4future.de") (short "s" "survey.infra4future.de") (short "g" "gitlab.infra4future.de") ]; short = name: target: { inherit name target; }; toVirtualHosts = {name, target, ...}: { name = "${name}.${shortdomain}"; value = { forceSSL = true; useACMEHost = "*.i4f.de"; locations."/".return = "302 https://${target}$request_uri"; }; }; in { security.acme.certs."wildcard.i4f.de" = { domain = "*.i4f.de"; dnsProvider = "cloudflare"; credentialsFile = "/persist/var/shortdomains/dns-secrents.env"; }; services.nginx.virtualHosts = lib.listToAttrs (map toVirtualHosts redirects) // { ${shortdomain} = { enableACME = true; forceSSL = true; root = pkgs.writeText "index.html" ''