{ config, lib, ... }:

{
  options.headscale = {
    enable = lib.mkEnableOption "Enable headscale";
    server = {
      port = lib.mkOption { default = 7204; };
      domain = lib.mkOption { type = lib.types.str; };
    };
  };

  config = lib.mkIf config.headscale.enable {
    networking.firewall.allowedUDPPorts = [ 3478 ];
    services.headscale = {
      enable = true;
      port = config.headscale.server.port;
      settings = {
        server_url = "https://${config.headscale.server.domain}";
        dns = {
          base_domain = "dns.${config.headscale.server.domain}";
          override_local_dns = false;
        };
      };
    };
  };
}