{
  config,
  lib,
  ...
}:

{

  options.zpha.websites."links.zaphyra.eu".enable = lib.mkEnableOption "";

  config = lib.mkIf config.zpha.websites."links.zaphyra.eu".enable {
    dns.zones."zaphyra.eu".subdomains."links".CNAME = [ "${config.networking.fqdn}." ];

    # sops.secrets = {
    #   "restic/memos/repositoryPassword" = { };
    #   "restic/memos/sshPrivateKey" = { };
    # };

    common = {
      configure.persist.system.dirs = [ "/var/lib/private/shiori" ];

      # services.resticBackup.memos = {
      #   inherit (config.services.memos) user;
      #   enable = true;
      #   targets = [
      #     "restic-target.fc9f.de"
      #     "isodon.fc9f.de"
      #   ];
      #   sshKeyFile = config.sops.secrets."restic/memos/sshPrivateKey".path;
      #   passwordFile = config.sops.secrets."restic/memos/repositoryPassword".path;
      #   sqliteDatabases = [ "${config.services.memos.dataDir}/memos_prod.db" ];
      #   paths = [ "${config.services.memos.dataDir}/uploads" ];
      # };
    };

    services = {
      postgresql.enable = true;
      shiori = {
        enable = true;
        address = "[::1]";
        port = 7523;
      };
      nginx.virtualHosts."links.zaphyra.eu" = {
        useACMEHost = config.networking.fqdn;
        forceSSL = true;
        kTLS = true;
        locations."/" = {
          proxyPass = "http://${toString config.services.shiori.address}:${toString config.services.shiori.port}";
          proxyWebsockets = true;
        };
      };
    };
  };

}