{ config, pkgs, lib, mkDomain, ... }:
{

  # OwnCast
  # self-hosted video live streaming solution

  services.owncast = {
    # the default /admin account is admin:abc123, don't enable if you don't intend to change it!
    enable = true;
    port = 3456; # default is 8080
    rtmp-port = 1935; # remember to punch a TCP hole in the NAT
    #listen = "0.0.0.0"; # default is "127.0.0.1"
    openFirewall = true; # the rtmp port, and the http port if listen != "127.0.0.1"
  };
  services.nginx.virtualHosts.${mkDomain "owncast"} = lib.mkIf config.services.owncast.enable {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString config.services.owncast.port}";
      proxyWebsockets = true;
    };
  };

}