{ container, config, util, ... }: let cfg = config.container.module.yt; name = "yt"; in { ${cfg.domain} = container.mkServer { extraConfig = util.trimTabs '' listen 443 ssl; set ''$${name} ${cfg.address}:${toString cfg.port}; location / { allow ${config.container.localAccess}; allow ${config.container.module.status.address}; allow ${config.container.module.vpn.address}; allow ${config.container.module.frkn.address}; deny all; proxy_pass http://''$${name}$request_uri; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_hide_header Content-Security-Policy; proxy_hide_header X-Frame-Options; proxy_hide_header X-Content-Type-Options; } ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem; include /etc/letsencrypt/conf/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ''; }; }