{ lib, pkgs, ... }:
with lib;
{

  systemd.services.tiddlywiki.serviceConfig.LoadCredential = [ "credentials.csv:/var/trust/tiddlywiki/credentials.csv" ];

  services = {
    nginx = {
      virtualHosts."testing.posixlycorrect.com" = {
        enableACME = true;
        forceSSL = true;
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
          	    '';
        locations."/" = {
          proxyPass = "http://127.0.0.1:7456";
        };
      };
    };
    tiddlywiki = {
      enable = true;
      listenOptions = {
        readers = "(anon)";
        writers = "(authenticated)";
        admin = "fabian";
        credentials = "/run/credentials/tiddlywiki.service/credentials.csv";
        host = "127.0.0.1";
        port = 7456;
      };
    };
  };
}