{ pkgs, config, lib, ... }:

let
  cfg = config.modules.homelab.nginx-proxy;
in
{
  options.modules.homelab.nginx-proxy = {
    enable = lib.mkEnableOption "enables nginx-proxy";
  };

  config = lib.mkIf cfg.enable {
    # enable nginx proxy manager
    services.nginx = {
      enable = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
    };
    # enable acme for auto ssl certs with lets encrypt
    security.acme = {
      acceptTerms = true;
      defaults.email = "me@blakedheld.xyz";
    };

    # nginx secrets
    sops.secrets = {
      "ssl_blakedheld_crt" = {
        restartUnits = [ "nginx.service" ];
        owner = "nginx";
        group = "nginx";
        neededForUsers = true;
      };
      "ssl_blakedheld_key" = {
        owner = "nginx";
        group = "nginx";
        neededForUsers = true;
      };
    };
  };
}