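{ self, pkgs, config, lib, ... }:
# NixOS module: reverse proxy via Caddy, toggled by `server.caddy.enable`.
# When enabled it provisions the Cloudflare credential secret, opens the web
# ports in the host firewall and starts the caddy service.
let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.server.caddy;
in
{
  options = {
    server.caddy.enable = mkEnableOption "Enables caddy";
  };

  config = mkIf cfg.enable {
    # Cloudflare API credentials, decrypted by agenix into a file readable only
    # by the caddy user (mode 400). NOTE(review): nothing below consumes
    # `config.age.secrets.cloudflare-env.path` yet -- both environmentFile lines
    # are commented out -- so the plaintext is materialised on disk with no
    # consumer until the ACME / plugin wiring is switched on.
    age.secrets.cloudflare-env = {
      file = "${self}/secrets/cloudflare-env.age";
      owner = "caddy";
      mode = "400";
    };

    # HTTP and HTTPS over TCP. UDP is only needed on 443 for HTTP/3 (QUIC),
    # which Caddy serves on its HTTPS port; no listener here uses 80/udp, so it
    # stays closed rather than mirroring the TCP list as before.
    networking.firewall = {
      allowedTCPPorts = [ 80 443 ];
      allowedUDPPorts = [ 443 ];
    };

    # Planned wildcard certificate via DNS-01 (Cloudflare), kept disabled for
    # now; the secret above is the environment file it would read.
    # security.acme = {
    #   acceptTerms = true;
    #   defaults.email = config.server.email;
    #   certs.${config.server.domain} = {
    #     reloadServices = ["caddy.service"];
    #     domain = "${config.server.domain}";
    #     extraDomainNames = ["*.${config.server.domain}"];
    #     dnsProvider = "cloudflare";
    #     dnsResolver = "1.1.1.1:53";
    #     dnsPropagationCheck = true;
    #     group = config.services.caddy.group;
    #     environmentFile = config.age.secrets.cloudflare-env.path;
    #   };
    # };

    services.caddy = {
      enable = true;
      # Uncomment to hand the Cloudflare credentials to caddy itself (e.g. for
      # a DNS plugin build); until then the secret above is unused.
      # environmentFile = config.age.secrets.cloudflare-env.path;
      # package = self.packages.${pkgs.system}.caddy-with-plugins;
    };
  };
}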