{ common, ... }:
let
  domain = common.domain;
in
{
  services.caddy = {
    enable = false;
    email = "cert@${domain}";
    virtualHosts =
      let
        localProxy = proxyTo "localhost";
        homelabProxy = proxyTo "192.168.10.231";
        proxyTo = ip: port: "reverse_proxy ${ip}:${builtins.toString port}";
        redirect = subdomain: "redir https://${subdomain}.${domain}{uri}";
      in
      {
        "beta.${domain}".extraConfig = ''
          redir https://${domain}{uri}
        '';
        "git.${domain}".extraConfig = ''
          ${redirect "code"}
        '';
        "kitchenowl.${domain}".extraConfig = ''
          ${redirect "grocery"}
        '';
        # Gitea
        "code.${domain}".extraConfig = ''
          ${homelabProxy 3000}
        '';
        # Forgejo
        "beta.code.${domain}".extraConfig = ''
          ${localProxy 8001}
        '';
        # Nextcloud
        "nextcloud.${domain}".extraConfig = ''
          redir /.well-known/carddav /remote.php/dav 301
          redir /.well-known/caldav /remote.php/dav 301
          ${homelabProxy 11000}
        '';
        # Kitchenowl
        "grocery.${domain}".extraConfig = ''
          ${homelabProxy 800}
        '';
        # Actual Budget
        "budget.${domain}".extraConfig = ''
          ${homelabProxy 5006}
        '';
        # Uptime Kuma
        "status.${domain}".extraConfig = ''
          ${homelabProxy 3001}
        '';
        # Headscale
        "vpn.${domain}".extraConfig = ''
          reverse_proxy /web* 192.168.10.231:8084
          reverse_proxy * 192.168.10.231:8082
        '';
        # Headscale SmartDNS
        "dns.${domain}".extraConfig = ''
          ${homelabProxy 8082}
        '';
        # FreshRSS
        "rss.${domain}".extraConfig = ''
          ${homelabProxy 8085}
        '';
        # Ente backend
        "api.ente.${domain}".extraConfig = ''
          ${homelabProxy 8083}
        '';
        # Ente Photos frontend
        "ente.${domain}".extraConfig = ''
          ${homelabProxy 3003}
        '';
        # Ente Auth frontend
        "mfa.${domain}".extraConfig = ''
          ${homelabProxy 3004}
        '';
        # Homepage / portfolio
        "${domain}".extraConfig = ''
          ${homelabProxy 4321}
        '';
        # Yamtrack
        "track.${domain}".extraConfig = ''
          ${homelabProxy 8090}
        '';
        # Donetick
        "chore.${domain}".extraConfig = ''
          ${homelabProxy 2021}
        '';
      };
  };
}