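# Homelab base module: declares the homelab.* domain options, opens HTTP/HTTPS
# in the firewall, enables Caddy, and requests a wildcard certificate for the
# host's domain through the ACME DNS challenge (Cloudflare).
{ pkgs, config, lib, ... }:
{
  options = {
    homelab.publicDomain = lib.mkOption {
      type = lib.types.str;
      description = "Base public domain that the host and auth domains are derived from.";
    };

    homelab.authDomain = lib.mkOption {
      type = lib.types.str;
      description = "Domain of the SSO endpoint; defaults to sso.<publicDomain>.";
    };

    homelab.domain = lib.mkOption {
      type = lib.types.str;
      description = "Per-host domain, <hostName>.<base domain>, that the certificate is issued for.";
    };
  };

  config = {
    # domain and publicDomain are set at normal priority, so a second definition
    # in another module is a conflict; only authDomain (mkDefault) is overridable.
    homelab.domain = "${config.networking.hostName}.astolfo.org";
    homelab.publicDomain = "astolfo.org";
    # Not consumed in this module; presumably read by the SSO service config.
    homelab.authDomain = lib.mkDefault "sso.${config.homelab.publicDomain}";

    # Exposes the web server on HTTP and HTTPS. No virtual hosts are declared
    # here, so what is reachable on these ports is decided by other modules.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    services.caddy = {
      enable = true;
    };

    security.acme = {
      acceptTerms = true;
      defaults.email = "hello@astolfo.org";

      certs."${config.homelab.domain}" = {
        # Gives the Caddy group read access to the certificate and private key.
        # The key covers every name under the wildcard below, so membership of
        # this group should stay limited to the web server.
        group = config.services.caddy.group;
        domain = config.homelab.domain;
        extraDomainNames = [ "*.${config.homelab.domain}" ];

        # Wildcard names can only be validated over DNS, hence the DNS provider.
        dnsProvider = "cloudflare";
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;

        # Written as a string, not a Nix path literal: a path literal that gets
        # interpolated or coerced into a derivation is copied into the
        # world-readable /nix/store, which would expose the DNS API credentials.
        # A string is only a reference to the file on the target host.
        # NOTE(review): the file sits inside Caddy's state directory. Confirm it
        # is root-owned with mode 0600 -- systemd reads EnvironmentFile itself,
        # so the caddy user should not need access (verify) -- and that the
        # Cloudflare token is scoped to DNS edits on this one zone.
        environmentFile = "/var/lib/caddy/secret";
      };
    };
  };
}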