{
  config,
  pkgs,
  ...
}: {
  sops.secrets."writefreely".mode = "0440";
  sops.secrets."writefreely".owner = config.users.users.writefreely.name;
  sops.secrets."writefreelymysql".mode = "0440";
  sops.secrets."writefreelymysql".owner = config.users.users.writefreely.name;
  services.writefreely = {
    enable = true;
    host = "writefreely.gladtherescake.eu";
    nginx.enable = true;
    nginx.forceSSL = true;
    acme.enable = true;
    # database = {
    #   type = "mysql";
    #   createLocally = true;
    #   passwordFile = config.sops.secrets."writefreelymysql".path;
    # };
    admin = {
      initialPasswordFile = config.sops.secrets."writefreely".path;
      name = "GLaDTheresCake";
    };
    settings = {
      app = {
        min_username_len = 2;
        max_blogs = 100;
        default_visibility = "public";
        federation = true;
        local_timeline = true;
      };
      server.port = 1212;
    };
  };
  systemd.services.writefreely = {
    path = [pkgs.openssl];
  };
}