# NixOS container definition for the "webserver" machine.
#
# The caller's attribute set is extended with the container's NixOS config,
# one writable bind mount and a single TCP port forward (443). The web stack
# itself (mysqld, nginx, php-fpm) is not built by Nix: three systemd units
# run the binaries of an old Gentoo root filesystem through `RootDirectory`.
{ ... } @ args:

let
  # Settings shared by the three legacy units: enter the old rootfs, mount
  # /proc, /sys and /dev there, and make the Nix store visible read-only.
  #
  # NOTE(review): no `User=` is set, so systemd starts each script as root.
  # `RootDirectory` is a chroot; it does not confine a root process on its
  # own. Any privilege drop depends on the daemons' own config files inside
  # the rootfs, which are not visible here (TODO confirm). Options such as
  # `NoNewPrivileges`, `PrivateTmp`, `ProtectHome` and a narrowed
  # `CapabilityBoundingSet` are candidates to evaluate for these units.
  legacyServiceConfig = {
    RootDirectory = "/var/lib/machines/webserver";
    MountAPIVFS = "yes";
    BindReadOnlyPaths = "/nix";
  };

  # Builds one always-enabled unit that is started with multi-user.target;
  # `extra` supplies the per-service attributes (script, description).
  legacyUnit = extra:
    {
      enable = true;
      wantedBy = [ "multi-user.target" ];
      serviceConfig = legacyServiceConfig;
    } // extra;
in

args // {
  config = { pkgs, ... }: {
    imports = [ ../modules/ddclient-ovh.nix ];

    # NOTE(review): the container's own packet filter is switched off, so
    # exposure is limited only by `privateNetwork`, the single forwarded
    # port below and whatever the host filters. The mysqld and php-fpm
    # listeners should be bound to loopback or a unix socket; their
    # configuration lives in the rootfs and cannot be checked from here.
    networking.firewall.enable = false;

    services.ddclientovh.enable = true;
    services.ddclientovh.domain = "www.stefanjunker.de";

    systemd.services = {
      mysql-deprecated = legacyUnit {
        # Creates the runtime directory, hands it to the mysql user and
        # runs mysqld in the foreground of the unit.
        # presumably mysqld switches to the mysql user itself - confirm
        script = ''
          export PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin
          mkdir /var/run/mysqld -p
          chown mysql /var/run/mysqld/
          /usr/sbin/mysqld
        '';
      };

      nginx-deprecated = legacyUnit {
        description = "webserver-deprecated service";
        # "daemon off;" keeps nginx in the foreground for systemd.
        script = ''
          export PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin
          /usr/sbin/nginx -g "daemon off;"
        '';
      };

      php-fpm-deprecated = legacyUnit {
        description = "webserver-deprecated service";
        # NOTE(review): this is PHP 5.5, which no longer receives upstream
        # security fixes, and it sits behind the only published port (443).
        # The FIXME below tracks the move to the NixOS services; until then
        # this interpreter is the main exposure of the container.
        script = ''
          export PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin
          /usr/lib/php5.5/bin/php-fpm -y /etc/php/fpm-php5.5/php-fpm.conf --pid /run/php-fpm.pid -F
        '';
      };
    };

    ## FIXME: make the following work instead of using the old Gentoo rootfs binaries
    #
    # NOTE(review): when this is enabled, the PHP location should only hand
    # existing scripts to FPM (e.g. `try_files $fastcgi_script_name =404;`
    # after the split) - verify against the final location block.
    #
    # services.nginx.enable = true;
    # services.nginx.virtualHosts."stefanjunker.de" = {
    #   default = true;
    #   onlySSL = true;
    #   root = "/var/www/stefanjunker.de/htdocs";
    #   sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
    #   sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
    #   locations."/fi" = {
    #     index = "index.php";
    #   };
    #   locations."~ ^(.+\.php)(.*)$".extraConfig = ''
    #     fastcgi_split_path_info ^(.+\.php)(.*)$;
    #     fastcgi_pass 127.0.0.1:9000;
    #     fastcgi_index index.php;
    #   '';
    # };
    # services.phpfpm.poolConfigs.mypool = ''
    #   listen = 127.0.0.1:9000
    #   user = nobody
    #   pm = dynamic
    #   pm.max_children = 5
    #   pm.start_servers = 2
    #   pm.min_spare_servers = 1
    #   pm.max_spare_servers = 3
    #   pm.max_requests = 500
    #   php_admin_value[error_reporting] = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
    # '';
    # services.mysql = {
    #   enable = true;
    #   package = pkgs.mysql;
    # };
  };

  autoStart = true;

  bindMounts = {
    # NOTE(review): the legacy rootfs is mounted writable, and the units
    # above execute binaries from it as root. Anything that can write to
    # this tree can therefore change what runs at the next service start.
    # Splitting the data directories out (see the FIXME below) would allow
    # the binaries to be mounted read-only.
    "/var/lib/machines/webserver/" = {
      hostPath = "/var/lib/container-volumes/webserver/var-lib-machines-webserver";
      isReadOnly = false;
    };

    ## FIXME: make the following work instead of using the old Gentoo rootfs
    #
    # NOTE(review): /etc/secrets presumably only has to be read inside the
    # container; `isReadOnly = true` would be the tighter setting - confirm.
    #
    # "/etc/secrets/" = {
    #   hostPath = "/var/lib/container-volumes/webserver/etc-secrets";
    #   isReadOnly = false;
    # };
    # "/var/www" = {
    #   hostPath = "/var/lib/container-volumes/webserver/var-www";
    #   isReadOnly = false;
    # };
    # "/var/lib/mysql" = {
    #   hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql";
    #   isReadOnly = false;
    # };
  };

  # The container gets its own network namespace; only the port listed in
  # `forwardPorts` is published from the host.
  privateNetwork = true;
  forwardPorts = [
    {
      # https/custom
      containerPort = 443;
      hostPort = 443;
      protocol = "tcp";
    }
  ];
}