{ config, pkgs, lib, ... }:

{
  options.caddy = {
    enable = lib.mkEnableOption "Enables caddy webserver";
    vhosts = lib.mkOption {};
    adminEmail = lib.mkOption { type = lib.types.str; };
    environmentFile = lib.mkOption {};
  };

  config = lib.mkIf config.caddy.enable {
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    services.caddy = {
      enable = true;
      globalConfig = ''
        acme_dns porkbun {
          api_key {$APIKEY}
          api_secret_key {$APISECRETKEY}
        }
      '';
      package = pkgs.caddy.withPlugins {
        plugins = [ "github.com/caddy-dns/porkbun@v0.3.1" ];
        hash = "sha256-g/Nmi4X/qlqqjY/zoG90iyP5Y5fse6Akr8exG5Spf08=";
      };
      virtualHosts = config.caddy.vhosts;
      email = config.caddy.adminEmail;
    };
    systemd.services.caddy.serviceConfig.EnvironmentFile = [ 
      config.caddy.environmentFile 
    ];
  };
}