{
  flake,
  config,
  pkgs,
  lib,
  ...
}: {
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;

    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;

    resolver.addresses = [
      "10.13.12.7"
      "[fd00:b12f:acab:1312:acab:7::]"
    ];
  };

  environment.etc = {
    "nginx/conf-available/proxy.conf".source = ./proxy.conf;
    "nginx/conf-available/authelia-location.conf".source = ./authelia-location.conf;
    "nginx/conf-available/authelia-authrequest.conf".source = ./authelia-authrequest.conf;
  };
}