diff --git a/hosts/public-access-proxy/proxy.nix b/hosts/public-access-proxy/proxy.nix
index a22a87f4..7593c54d 100644
--- a/hosts/public-access-proxy/proxy.nix
+++ b/hosts/public-access-proxy/proxy.nix
@@ -109,6 +109,7 @@ in
     services.haproxy = {
       enable = true;
       config = ''
+        # TODO: upstream to nixos-modules
         global
           ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
           ssl-dh-param-file ${config.security.dhparams.params.nginx.path}