{
	network.description = "Cryto";

	osmium = { config, lib, pkgs, ... }: let
		proxiedApplications = [{
			hostname = "pastebin-stream.cryto.net";
			tls = false;
			config = ''
				root ${pkgs.valgrind.doc}/share/doc/valgrind/html
			'';
		}];

		generateCaddyHostConfiguration = applications:
			lib.concatStrings (map (application: ''
				${application.hostname} {
					${lib.optionalString (application.tls == false) "tls off"}
					${application.config}
				}
			'') applications);
	in {
		services.caddy = {
			enable = true;
			agree = true;
			email = "admin@cryto.net";
			config = ''
				${generateCaddyHostConfiguration proxiedApplications}
			'';
		};

		networking.firewall.allowedTCPPorts = [ 2015 ];
	};
}