{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    cfg = config.services.myWebsites.Papa;
    varDir = "/var/lib/ftp/papa";
in {
  options.services.myWebsites.Papa = {
    production = {
      enable = lib.mkEnableOption "enable Papa's website";
    };
  };

  config = lib.mkIf cfg.production.enable {
    security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
    security.acme.certs."papa" = config.services.myCertificates.certConfig // {
      domain = "surveillance.maison.bbc.bouya.org";
    };

    services.cron = {
      systemCronJobs = let
        script = pkgs.writeScript "cleanup-papa" ''
          #!${pkgs.stdenv.shell}
          d=$(date -d "7 days ago" +%Y%m%d)
          for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
            if [ "$d" -gt $(basename $i) ]; then
              rm -rf "$i"
            fi
          done
          '';
      in
        [
        ''
          0 6 * * * wwwrun ${script}
        ''
      ];
    };

    services.myWebsites.production.vhostConfs.papa = {
      certName    = "papa";
      hosts       = [ "surveillance.maison.bbc.bouya.org" ];
      root        = varDir;
      extraConfig = [
        ''
        Use Apaxy "${varDir}" "title .duplicity-ignore"
        <Directory ${varDir}>
          Use LDAPConnect
          Options Indexes
          AllowOverride None
          Require ldap-group   cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
        </Directory>
          ''
      ];
    };
  };
}