{ pkgs, config, ... }:
let
  # nix-cache01 serves the canonical nix-cache.home.2rjus.net
  # nix-cache02 serves nix-cache02.home.2rjus.net (for testing before DNS cutover)
  hostname = config.networking.hostName;
  domain =
    if hostname == "nix-cache01" then
      "nix-cache.home.2rjus.net"
    else
      "${hostname}.home.2rjus.net";
in
{
  services.caddy = {
    enable = true;
    package = pkgs.unstable.caddy;
    configFile = pkgs.writeText "Caddyfile" ''
      {
        acme_ca https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
        metrics
      }


      ${domain} {
        log {
          output file /var/log/caddy/nix-cache.log {
            mode 644
          }
        }
        metrics /metrics

        reverse_proxy http://localhost:5000
      }
    '';
  };
}