{
  config,
  pkgs,
  ...
}: let
  domain = "objects.cyplo.dev";
  adminDomain = "objects-admin.cyplo.dev";
  objectsPort = 10000;
  adminPort = 10001;
in {
  services.nginx = {
    virtualHosts = {
      "${domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {proxyPass = "http://127.0.0.1:" + toString objectsPort;};
      };
      "${adminDomain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {proxyPass = "http://127.0.0.1:" + toString adminPort;};
      };
    };
  };
  sops.secrets."minio-env" = {
    sopsFile = ./minio.sops;
    format = "binary";
  };
  services.minio = {
    enable = true;
    region = "cyplodev";
    dataDir = ["/var/lib/minio/data"];
    configDir = "/var/lib/minio/config";
    listenAddress = ":${toString objectsPort}";
    consoleAddress = ":${toString adminPort}";
    rootCredentialsFile = "${config.sops.secrets.minio-env.path}";
  };
}