{ nglib, website, nixpkgs }:
nglib.makeSystem {
  system = "x86_64-linux";
  name = "nixng-website";
  inherit nixpkgs;
  config = ({ pkgs, options, ... }: {
    dumb-init = {
      enable = true;
      type.services = {};
    };
    init.services.apache2 = {
      ensureSomething.link."documentRoot" = {
        src = "${website."x86_64-linux"}/redalder";
        dst = "/var/www";
      };
      shutdownOnExit = true;
    };
    services.apache2 = {
      enable = true;
      configuration = [
        {
          LoadModule = [
            [ "mpm_event_module" "modules/mod_mpm_event.so" ]
            [ "log_config_module" "modules/mod_log_config.so" ]
            [ "unixd_module" "modules/mod_unixd.so" ]
            [ "authz_core_module" "modules/mod_authz_core.so" ]
            [ "dir_module" "modules/mod_dir.so" ]
            [ "mime_module" "modules/mod_mime.so" ]
          ];
        }
        {
          Listen = "0.0.0.0:80";

          ServerRoot = "/var/www";
          ServerName = "blowhole";
          PidFile = "/httpd.pid";

          User = "www-data";
          Group = "www-data";

          DocumentRoot = "/var/www";
        }

        {
          ErrorLog = "/dev/stderr";
          TransferLog = "/dev/stdout";

          LogLevel = "info";
        }

        {
          AddType = [
            [ "image/svg+xml" "svg" "svgz" ]
          ];
          AddEncoding = [ "gzip" "svgz" ];

          TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
        }
        
        {
          Directory = {
            "/" = {
              Require = [ "all" "denied" ];
              Options = "SymlinksIfOwnerMatch";
            };
          };

          VirtualHost = {
            "*:80" = {
              Directory = {
                "/var/www" = {
                  Require = [ "all" "granted" ];
                  Options = [ "-Indexes" "+FollowSymlinks" ];
                  DirectoryIndex = "index.html";
                };
              };
            }; 
          };
        }
      ];
    };
  });
}