{
  lib,
  pkgs,
  config,
  ...
}:
with lib; {
  services = {
    nginx = {
      virtualHosts."public.posixlycorrect.com" = {
        enableACME = true;
        forceSSL = true;
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
        '';
        locations."/" = {
          proxyPass = "http://127.0.0.1:5000";
        };
      };
    };
  };

  local.sys.dufs = {
    enable = true;
    settings = {
      serve-path = "/var/public";
      allow-all = false;
      allow-archive = true;
    };
  };
}