{ config, lib, ... }:

with lib;

let
  cfg = config.settings.containers.caddy;
in {
  options = {
    settings.containers.caddy.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Enable caddy container
      '';
    };
  };

  config = mkIf cfg.enable {
    services.podman.containers.caddy = {
      image = "localhost/tboomers/caddy-custom:latest";
      network = "proxy";
      ports = [
        "1080:80"
        "1443:443"
      ];
      volumes = [
        "%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile"
        "%h/containers/caddy/acme_key:/etc/caddy/acme_key"
        "%h/containers/caddy/data:/data"
      ];
    };

    home.file."containers/caddy/Caddyfile".text = ''
      *.tbmrs.nl, tbmrs.nl {
        tls {
          dns transip xeovalyte /etc/caddy/acme_key
          resolvers 1.1.1.1
        }

        @root host tbmrs.nl
        handle @root {
          respond "Hello there"
        }

        @kanidm host auth.tbmrs.nl
        handle @kanidm {
          reverse_proxy https://auth.tbmrs.nl
        }

        @forgejo host git.tbmrs.nl
        handle @forgejo {
          reverse_proxy forgejo:3000
        }
      }
    '';
  };
}