{ config, pkgs, ... }:
{
  homelab.monitoring.scrapeTargets = [
    {
      job_name = "garage";
      port = 3903;
      metrics_path = "/metrics";
    }
    {
      job_name = "caddy";
      port = 9117;
    }
  ];

  vault.secrets.garage-env = {
    secretPath = "hosts/${config.networking.hostName}/garage";
    extractKey = "env";
    outputDir = "/run/secrets/garage-env";
    services = [ "garage" ];
  };

  services.garage = {
    enable = true;
    package = pkgs.garage;
    environmentFile = "/run/secrets/garage-env";
    settings = {
      metadata_dir = "/var/lib/garage/meta";
      data_dir = "/var/lib/garage/data";
      replication_factor = 1;
      rpc_bind_addr = "[::]:3901";
      rpc_public_addr = "garage01.home.2rjus.net:3901";
      s3_api = {
        api_bind_addr = "[::]:3900";
        s3_region = "garage";
        root_domain = ".s3.home.2rjus.net";
      };
      admin = {
        api_bind_addr = "[::]:3903";
      };
    };
  };

  services.caddy = {
    enable = true;
    package = pkgs.unstable.caddy;
    configFile = pkgs.writeText "Caddyfile" ''
      {
        acme_ca https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
        metrics
      }

      s3.home.2rjus.net {
        reverse_proxy http://localhost:3900
      }

      http://garage01.home.2rjus.net:9117/metrics {
        metrics
      }
    '';
  };
}