{
  lib,
  config,
  vars,
  ...
}: let
  cfg = config.services.nix-serve;
  inherit (vars) domain;
in
  with lib; {
    config = mkIf cfg.enable {
      users = {
        groups.nix-serve = {};
        users.nix-serve = {
          group = "nix-serve";
          isSystemUser = true;
        };
      };
      services = {
        nix-serve = {
          secretKeyFile = "/var/cache-priv-key.pem";
        };
        nginx = {
          virtualHosts = {
            # ... existing hosts config etc. ...
            "nixcache.${domain}" = {
              locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
            };
          };
        };
      };
    };
  }