{ config, lib, pkgs, ... }:
{
  imports = [
    ./webdav
  ];

  config = {
    services.nginx = {
      enable = true;
      package = pkgs.nginxQuic;
      recommendedGzipSettings = false;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      sslDhparam = config.security.dhparams.params.nginx.path;
      commonHttpConfig = ''
        ssl_ecdh_curve X448:X25519:prime256v1:secp521r1:secp384r1;

        log_format main
                '$remote_addr "$remote_user" '
                '"$host" "$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" '
                '$gzip_ratio';

        access_log syslog:server=unix:/dev/log main;
        error_log syslog:server=unix:/dev/log info;

        client_body_temp_path /run/nginx-client-bodies 2 2;
        proxy_temp_path /run/nginx-proxy-bodies 2 2;
      '';
      additionalModules = with pkgs.nginxModules; [ pam ];
      eventsConfig = ''
        worker_connections 2048;
      '';
    };
    systemd.services.nginx = {
      preStart = lib.mkForce config.services.nginx.preStart;
      serviceConfig = {
        ExecReload = lib.mkForce "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        RuntimeDirectory = lib.mkForce [ "nginx" "nginx-client-bodies" "nginx-proxy-bodies" ];
        RuntimeDirectoryMode = "0750";
      };
    };

    services.uwsgi = {
      enable = true;
      plugins = ["python3"];
      instance = {
        type = "emperor";
        vassals = {};
      };
    };
  };
}