{pkgs, outputs, lib, ...}: {
  services = {
    pufferpanel = {
      enable = true;
      environment = {
        PUFFER_WEB_HOST = ":5010";
        PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${outputs.secrets.jimDomain}";
        PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
        PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
        PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
        PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
        PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
      };
      extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
      package = pkgs.buildFHSEnv {
        name = "pufferpanel-fhs";
        meta.mainProgram = "pufferpanel-fhs";
        runScript = lib.getExe pkgs.pufferpanel;
        targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
      };
    };
    nginx.virtualHosts."panel.${outputs.secrets.jimDomain}" =  {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:5010";
        proxyWebsockets = true;
      };
    };
  };
}