{ config, pkgs, lib, mkDomain, ... }:
{
  # CensorDodge
  # A lightweight and customisable web proxy
  /** /
  services.phpfpm.pools.censordodge = {
    user = "censordodge";
    group = "censordodge";
    settings = {
      "listen.owner" = config.services.nginx.user;
      "listen.group" = config.services.nginx.group;
      "pm" = "dynamic";
      "pm.max_children" = "32";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "2";
      "pm.max_spare_servers" = "4";
      "pm.max_requests" = "500";
    };
  };
  services.nginx.virtualHosts.${mkDomain "censordodge"} = {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    root = pkgs.fetchFromGitHub {
      owner = "ryanmab";
      repo = "CensorDodge";
      rev = "2480e8269190ca8618e41dc581f9d55f4ce9f333";
      sha256 = "8R3lyxF22HXui4pJytMcqwwa5TDXIJb6fWII934IhEA=";
    };
    extraConfig = ''
      index index.php;
    '';
    locations."/".extraConfig = ''
      try_files $uri $uri/ /index.php?$args;
    '';
    locations."~ \.php$".extraConfig = ''
      include ${config.services.nginx.package}/conf/fastcgi.conf;
      fastcgi_pass unix:${config.services.phpfpm.pools.censordodge.socket};
      fastcgi_buffers 16 16k;
      fastcgi_buffer_size 32k;
    '';
  };
  users.users.censordodge = {
    isSystemUser = true;
    group = "censordodge";
  };
  users.groups.censordodge = {};
  /**/

}