{ config, lib, ... }: {
    
    options.sysconfig.virtualization."blunkall.us".enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
    };

    config = lib.mkIf config.sysconfig.virtualization."blunkall.us".enable {

        containers.blunkall-us = {

            autoStart = true;
            privateNetwork = true;
            hostAddress = "192.168.100.10";
            localAddress = "192.168.100.13";

            bindMounts = {
                "/var/www/data" = {
                    hostPath = "/ssd1/blunkall_us/data";
                    isReadOnly = false;
                };
            };

            config = {

                services.nginx = {
                    enable = true;
                    virtualHosts = {
                        "blunkall.us" = {
                            enableACME = false;
                            forceSSL = false;
                            root = "/var/www/data";
                        };
                        "homebox.vpn/blunkall" = {
                            enableACME = false;
                            forceSSL = false;
                            root = "/var/www/data";
                        };
                    };
                };

                networking.firewall.allowedTCPPorts = [ 80 ];

                system.stateVersion = "24.05";
            };
        };
    };
}