# NixOS module that deploys Caddy when `modules.caddy.enable` is set.
# It opens the HTTP/HTTPS and metrics ports in the firewall, enables the
# Caddy service, and narrows the capabilities of the systemd unit.
{ lib, pkgs, config, ... }:
/* taken from https://github.com/jdheyburn/nixos-configs no license */
let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.modules.caddy;

  # Port opened below for metrics scraping.
  # NOTE(review): 2019 is also the default port of Caddy's admin endpoint,
  # which by default listens on localhost only. If the admin listener is bound
  # to a non-loopback address elsewhere in the configuration so that a remote
  # scraper can reach /metrics, the same listener also serves the configuration
  # API. In that case prefer limiting the firewall rule to the scraper's
  # interface or source address. Confirm against the rest of the config.
  caddyMetricsPort = 2019;
in
{
  options.modules.caddy.enable = mkEnableOption "Deploy Caddy";

  config = mkIf cfg.enable {
    # Allow network access when building
    # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
    # Kept disabled: turning the sandbox off removes build isolation for every
    # derivation built on this host, not only for Caddy.
    #nix.settings.sandbox = false;

    # 80/443 serve HTTP and HTTPS; see the note on caddyMetricsPort above the
    # `in` keyword for the third entry.
    networking.firewall.allowedTCPPorts = [ 80 443 caddyMetricsPort ];

    services.caddy.enable = true;
    # Disabled plugin build, kept for reference. The plugin is pinned to an
    # exact pseudo-version and the build output to a fixed hash; if this is
    # re-enabled after a version bump, the hash must be updated with it.
    /*
      services.caddy.package = pkgs.caddy.withPlugins {
        plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
        hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
      };
    */

    systemd.services.caddy.serviceConfig = {
      # Ambient and bounding sets are both limited to CAP_NET_BIND_SERVICE:
      # the unit may bind ports below 1024 (80/443 here), and the bounding set
      # names no other capability.
      AmbientCapabilities = "cap_net_bind_service";
      CapabilityBoundingSet = "cap_net_bind_service";
      # Give the unit up to five minutes to start before systemd times it out.
      TimeoutStartSec = "5m";
    };
  };
}