{ hostRegistry, zentralwerk, config, ... }:
{
  networking = {
    hostName = "blogs";
    useNetworkd = true;
    interfaces.eth0.ipv4.addresses = [{
      address = hostRegistry.hosts."${config.networking.hostName}".ip4;
      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
    }];
    defaultGateway = "172.20.73.1";
    firewall.allowedTCPPorts = [
      80 443
    ];
  };

  # See secrets/hosts/blogs for the .env file with all settings
  services.plume = {
    enable = true;
    envFile = config.sops.secrets."plume/env".path;
  };

  sops.secrets = {
    "plume/env".owner = config.systemd.services.plume.serviceConfig.User;
  };
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  services.nginx.enable = true;
  services.nginx.virtualHosts."blogs.c3d2.de" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:7878";
  };
}