{config, ...}:
let 
  domain = "myrmexia.xyz";
  subDomain = "bosco.${domain}";
in {
  services = {
    headscale = {
      enable = true;
      address = "0.0.0.0";
      port = 8080;
      settings = { 
        logtail.enabled = false; 
        serverUrl = "https://${subDomain}";
        dns_config.base_domain = "${domain}";
        ip_prefixes = [
          "100.64.0.0/10"
          # "fdef:6567:bd7a::/48"
          "fd7a:115c:a1e0::/48"
        ];
      };
    };

    caddy = {
      enable = true;
      email = "devin.finlinson@pm.me";
      virtualHosts.${subDomain}.extraConfig = ''
        reverse_proxy http://localhost:${toString config.services.headscale.port}
      '';
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
  environment.systemPackages = [ config.services.headscale.package ];
}