{ pkgs, ... }:

{
  services.nginx.virtualHosts = {
    "ping.clerie.de" = {
      enableACME = true;
      addSSL = true;
      root = pkgs.fetchgit {
        url = "https://git.clerie.de/clerie/ping.clerie.de.git";
        rev = "c9c0849e1f63fd2e3aeeba8ce19ec44065a5d563";
        sha256 = "sha256-w6YG8qtuAVR7ET9pI/j8UMhF3JLDywLbD6DbM/Huyzw=";
      };
      /*
      locations."= /" = {
        return = ''200 "This domain is used for connectivity checking and captive portal detection\n"'';
        extraConfig = ''
          types { } default_type "text/plain; charset=utf-8";
        '';
      };
      */
      locations."= /ping" = {
        return = ''201'';
        extraConfig = ''
          types { } default_type "text/plain; charset=utf-8";
          add_header Access-Control-Allow-Origin *;
        '';
      };
      locations."= /nm-check.txt" = {
        return = ''200 "NetworkManager is online\n"'';
        extraConfig = ''
          types { } default_type "text_plain; charset=utf-8";
          add_header Cache-Control "max-age=0, must-revalidate";
        '';
      };
      # Provide an endpoint to simulate a captive portal redirect for testing
      locations."= /nm-check-test.txt" = {
        return = ''302 "http://clerie.de"'';
        extraConfig = ''
          types { } default_type "text_plain; charset=utf-8";
          add_header Cache-Control "max-age=0, must-revalidate";
        '';
      };
      extraConfig = ''
        access_log off;
      '';
    };
  };
}