{ config, pkgs, ... }:
{
  services = {
    lldap = {
      enable = true;
      settings = {
        ldap_user_email = "gandalf@bhankas.org";
        ldap_user_dn = "gandalf";
        ldap_port = 3890;
        ldap_host = "0.0.0.0";
        http_url = "https://ldap.bhankas.org";
        http_port = 17170;
        http_host = "0.0.0.0";
      };
    };

    nginx = {
      enable = true;
      virtualHosts = {
        "ldap.bhankas.org" = {
          addSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3890";
            proxyWebsockets = false;
            extraConfig =
              "proxy_set_header Host $host;"
            ;
          };
        };
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    certs = {
      "ldap.bhankas.org" = {
        email = "admin@bhankas.org";
        dnsResolver = "1.1.1.1:53";
      };
    };
  };
}