{config, pkgs, ...}:
let 
  domain = "myrmexia.xyz";
  subDomain = "bosco.${domain}";
in {
  services = {
    headscale = {
      enable = true;
      address = "0.0.0.0";
      port = 8080;
      settings = { 
        logtail.enabled = false; 
        serverUrl = "https://${subDomain}";
        dns_config.base_domain = "${domain}";
      };
    };

  #   nginx.virtualHosts.${subDomain} = {
  #     forceSSL = true;
  #     enableACME = true;
  #     locations."/" = {
  #       proxyPass =
  #         "http://localhost:${toString config.services.headscale.port}";
  #       proxyWebsockets = true;
  #     };
  #   };
  # };

  # environment.systemPackages = [ config.services.headscale.package ];

  # security.acme = {
  #   acceptTerms = true;
  #   email = "devin.finlinson@pm.me";
  # };

  services.caddy = {
    enable = true;
    email = "devin.finlinson@pm.me";
    virtualHosts.${subDomain}.extraConfig = ''
      reverse_proxy http://localhost:${toString config.services.headscale.port}
    '';
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}