{config, ...}: {
  services.caddy = {
    enable = true;
    virtualHosts."auth.wanderingcrow.net".extraConfig = ''
      reverse_proxy http://localhost:5555
    '';
  };
  sops.templates.authentik-env.content = ''
    AUTHENTIK_SECRET_KEY=qwerasvvbkuhjbn235987@!$
    AUTHENTIK_LISTEN__HTTP=127.0.0.1:5555
    AUTHENTIK_LISTEN__HTTPS=127.0.0.1:5443
  '';
  services.authentik = {
    enable = true;
    environmentFile = config.sops.templates.authentik-env.path;
  };
}