{ pkgs, ... }:
{
  networking.firewall = {
    allowedTCPPorts = [
      #nginx
      80
      443
    ];
  };

  services.nginx = {
    enable = true;
    virtualHosts."torrents" = {
      locations."/" = {
        proxyPass = "http://localhost:3000";
      };
    };
  };

  users.extraUsers.flood = {
    isNormalUser = true;
  };

  systemd.services = {
    flood = {
      enable = true;
      serviceConfig = {
        User = "flood";
        WorkingDirectory = "/home/flood";
        ExecStart = "${pkgs.flood}/bin/flood";
        Restart = "on-failure";
      };
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
    };
  };
}