{ lib, config, inputs, pkgs, ... }:
let
  root_host = "grimmauld.de";
  puffer_port = 8080;
  puffer_sftp_port = 5657;
  puffer_host = "puffer.${root_host}";
  tlemap_host = "tlemap.${root_host}";
  tlemap_port = 8100;
in {
  services.pufferpanel = {
    enable = true;
    environment = {
      PUFFER_WEB_HOST = ":${builtins.toString puffer_port}";
      PUFFER_DAEMON_SFTP_HOST = ":${builtins.toString puffer_sftp_port}";
    };
    extraPackages = with pkgs; [];
    extraGroups = [ "docker" ];
  };

  services.nginx = {
    enable = true;
    virtualHosts."${puffer_host}" = {
      serverName = puffer_host;
      forceSSL = true;
      useACMEHost = root_host;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString puffer_port}";
      };
    };
    virtualHosts."${tlemap_host}" = {
      serverName = tlemap_host;
      forceSSL = true;
      useACMEHost = root_host;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString tlemap_port}";
      };
    };

  };
  security.acme.certs."${root_host}".extraDomainNames = [ puffer_host tlemap_host ];
  networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 25567 25568];

#  virtualisation.podman.enable = true;
  virtualisation.docker.enable = true;

}