{pkgs, config, ...}:
{
  services.nginx.enable = true;
  services.nginx.virtualHosts."${config.networking.hostName}" = {
    root = pkgs.mmelodies.frontend;
    locations."/hls/" = {
      alias = "/var/cache/hls/";
      extraConfig = ''
        types {
          application/vnd.apple.mpegurl m3u8;
          video/mp2t ts;
      } 
      '';
    };
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  systemd.tmpfiles.rules = [
    "d /dev/shm/hls 0755 appuser users 12h -"
    "L /var/cache/hls - - - - /dev/shm/hls"
  ];
}