{ ... }:
{
  services.nginx = {
    enable = true;
    virtualHosts."syncthing.dryb.org" = {
      addSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8384";
      };
    };
    virtualHosts."vaultwarden.dryb.org" = {
      addSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8005";
      };
    };
  };

  networking.firewall = {
    allowedTCPPorts = [
      80
      443
    ];
  };
}