{ ... }: {
  users.groups.haproxy.gid = 99;

  users.users.haproxy = {
    uid = 99;
    group = "haproxy";
  };

  sops.secrets = {
    "dotspace/pki/lagarde.dev.pem" = {
      mode = "0660";
      owner = "haproxy";
      group = "haproxy";
    };
    "dotspace/pki/mlaga97.space.pem" = {
      mode = "0660";
      owner = "haproxy";
      group = "haproxy";
    };
    "dotspace/pki/bauble.boutique.pem" = {
      mode = "0660";
      owner = "haproxy";
      group = "haproxy";
    };
  };

  virtualisation.oci-containers.containers.haproxy = {
    image = "haproxy:2.6-alpine";
    ports = [
      "68.183.54.8:80:80"
      "68.183.54.8:443:443"
      "[2604:a880:800:10::d60:9001]:80:80"
      "[2604:a880:800:10::d60:9001]:443:443"

      "10.86.84.1:80:5080"
      "10.86.84.1:443:5443"

      "8448:8448"
      "9980:9980"
    ];
    volumes = [
      "/run/secrets/dotspace/pki:/certs"
      "/home/lauren_lagarde/fortress/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg" # TODO
    ];
  };
}