{pkgs, lib, ...}: let
  secrets = import ../modules/secrets.nix;
in {
  services = {
    pufferpanel = {
      enable = true;
      environment = {
        PUFFER_WEB_HOST = ":5010";
        PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}";
        PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
        PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587";
        PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}";
        PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}";
        PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword;
      };
      extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
      package = pkgs.buildFHSEnv {
        name = "pufferpanel-fhs";
        meta.mainProgram = "pufferpanel-fhs";
        runScript = lib.getExe pkgs.pufferpanel;
        targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
      };
    };
    nginx.virtualHosts."panel.${secrets.jimDomain}" =  {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:5010";
        proxyWebsockets = true;
      };
    };
  };
}