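# NixOS module for a local Magento 2 development stack: nginx + PHP-FPM
# serving the checkout under akill's home directory, plus MySQL, OpenSearch
# and PostgreSQL.
#
# NOTE(review): several settings below trade isolation for convenience
# (services running as a login user, ProtectHome disabled, PostgreSQL `trust`
# authentication, a fixed database password). They are marked inline and
# should be revisited before this is reused outside a single-user dev machine.
{
  pkgs,
  lib,
  config,
  ...
}: let
  app = "magento2";
  domain = "127.0.0.1";
  # Web root lives inside a user's home directory, which is why the PHP-FPM
  # unit needs ProtectHome relaxed at the bottom of this file.
  dataDir = config.users.users.akill.home + "/proj/magento2/magento/pub";
in {
  services = {
    phpfpm.pools.${app} = {
      # NOTE(review): the pool runs as the login user "akill", so PHP code
      # executes with that account's file access rather than a dedicated
      # service account.
      user = "akill";
      group = "users";
      settings = {
        # The socket is owned by the nginx user so nginx can connect to it.
        "listen.owner" = config.services.nginx.user;
        "pm" = "dynamic";
        "pm.max_children" = 32;
        "pm.max_requests" = 500;
        "pm.start_servers" = 2;
        "pm.min_spare_servers" = 2;
        "pm.max_spare_servers" = 5;
        # Send PHP errors and worker output to stderr.
        "php_admin_value[error_log]" = "stderr";
        "php_admin_flag[log_errors]" = true;
        "catch_workers_output" = true;
      };
      # PATH for the workers contains only the PHP package's bin directory.
      phpEnv."PATH" = lib.makeBinPath [pkgs.php];
    };

    nginx = {
      # NOTE(review): nginx is also switched to the login user "akill", the
      # same account as the PHP-FPM pool above.
      user = "akill";
      group = "users";
      enable = true;
      virtualHosts.${domain}.locations."/" = {
        root = dataDir;
        # NOTE(review): every request under / is handed to the PHP-FPM pool;
        # there is no try_files guard, so whether a path maps to an existing
        # script is decided by PHP-FPM rather than by nginx.
        extraConfig = ''
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
          include ${pkgs.nginx}/conf/fastcgi_params;
          include ${pkgs.nginx}/conf/fastcgi.conf;
        '';
      };
    };

    mysql = {
      enable = true;
      package = pkgs.mysql;
      settings.mysqld.port = 3306;
      initialDatabases = [{name = "magento2";}];
      ensureUsers = [
        {
          name = "magento2";
          # Privileges are scoped to the magento2 schema only.
          ensurePermissions = {"magento2.*" = "ALL PRIVILEGES";};
        }
      ];
    };

    # NOTE(review): OpenSearch runs with the module defaults; confirm its
    # bind address and security-plugin settings suit this host.
    opensearch.enable = true;

    postgresql = {
      enable = true;
      # Was `true`, which makes PostgreSQL listen on every interface. The
      # pg_hba rules below admit only the Unix socket and loopback addresses,
      # and localhost TCP stays available when this is off, so listening
      # beyond loopback only added exposure.
      enableTCPIP = false;
      # mkOverride 10 makes this text take precedence over the module's
      # default pg_hba.conf content.
      #
      # NOTE(review): `trust` skips authentication entirely, so any local
      # process can connect as any role (including the superuser) and the
      # role password set in initialScript is never checked. Prefer `peer`
      # for the socket line and `scram-sha-256` for the host lines once the
      # client configuration supplies the password.
      authentication = pkgs.lib.mkOverride 10 ''
        local all all trust
        host all all 127.0.0.1/32 trust
        host all all ::1/128 trust
      '';
      # NOTE(review): pkgs.writeText places this script, password included,
      # in the Nix store, which is readable by every local user. The password
      # equals the role name; treat it as a placeholder and load real
      # credentials from a file outside the store.
      initialScript = pkgs.writeText "backend-initScript" ''
        CREATE ROLE magento2 WITH LOGIN PASSWORD 'magento2' CREATEDB;
        CREATE DATABASE magento2;
        GRANT ALL PRIVILEGES ON DATABASE magento2 TO magento2;
      '';
    };
  };

  # The PHP-FPM unit must read dataDir under /home, so the ProtectHome
  # sandboxing is forced off for it. The unit name is derived from the pool
  # name so the override cannot silently miss the pool if `app` changes.
  # NOTE(review): this exposes all home directories to the PHP workers;
  # moving the checkout outside /home would allow ProtectHome to stay on.
  systemd.services."phpfpm-${app}".serviceConfig.ProtectHome = lib.mkForce false;
}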