{config, ...}: let
  httpIntPort = 14010;
  dom = "picture.wtf";
in {
  sops.secrets."svc-breeze-upload_key" = {
    owner = "breeze";
    group = "breeze";
  };

  services.nginx = {
    virtualHosts.${dom} = {
      forceSSL = true;
      enableACME = true;

      quic = true;

      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString httpIntPort}";
      };
    };
  };

  systemd.tmpfiles.rules = [
    "d /srv/uploads 0750 breeze breeze - -"
  ];

  services.breeze = {
    enable = true;
    uploadKeyFile = config.sops.secrets."svc-breeze-upload_key".path;

    settings = {
      engine = {
        base_url = "https://${dom}";
        motd = "minish's image host, currently hosting %uplcount% files";
        max_upload_len = 2147483648;
        max_temp_lifetime = 43200;
        max_strip_len = 16777216;

        disk.save_path = "/srv/uploads";
        cache = {
          max_length = 268435456;
          upload_lifetime = 1800;
          scan_freq = 60;
          mem_capacity = 4294967296;
        };
      };

      http.listen_on = "127.0.0.1:${toString httpIntPort}";
      logger.level = "info";
    };
  };
}