{ config, pkgs, ...}:

let

autheliaConfig = pkgs.callPackage ./authelia_example-config.nix {};
authelia = pkgs.callPackage ../authelia.nix {
    config = autheliaConfig.config;
};

in
{

  networking.firewall.allowedTCPPorts = [80 443];

  services.nginx = {
    enable = true;
    appendHttpConfig = ''
      server_names_hash_bucket_size 64;
    '';
    sslProtocols = "TLSv1 TLSv1.1 TLSv1.2";
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = false;
    virtualHosts."authelia.*" = mc.nginx.virtualHosts.authelia;
  };

  systemd.services.authelia = mc.systemd.services.authelia;
}