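# NixOS module: a preconfigured Nix binary cache (nix-serve) that is published
# to clients only through the Traefik reverse proxy, over HTTPS.
{ inputs, config, lib, pkgs, ... }:
let
  cfg = config.services.binary-cache;
  # Resolved nix-serve settings; the proxy backend URL is derived from these so
  # it always follows whatever address/port the service actually uses.
  nixServe = config.services.nix-serve;
in
{
  imports = [
  ];

  options.services.binary-cache = {
    # Single switch; everything under `config` below is gated on it.
    enable = lib.mkOption {
      type = with lib.types; uniq bool;
      default = false;
      description = "Enable Preconfigured Binary-Cache";
    };
  };

  config = lib.mkIf cfg.enable {
    services.nix-serve = {
      enable = true;
      # Listen on loopback only. nix-serve is reached by Traefik over plain
      # HTTP (see the backend URL below), and the nixpkgs default for this
      # option is 0.0.0.0, which would also expose the unencrypted listener
      # on every interface and let clients bypass the TLS front end.
      # mkDefault keeps this overridable by a host that needs another address.
      bindAddress = lib.mkDefault "127.0.0.1";
      # Private key used to sign served store paths. Keep this a string, not a
      # Nix path literal: a path literal would copy the key into the
      # world-readable /nix/store. The file is provisioned out of band and is
      # not managed by this module; it should be readable only by root or the
      # service (NOTE(review): confirm ownership/mode on the host).
      secretKeyFile = "/var/secrets/cache-game01-private-key.pem";
    };

    # Configure Reverse-Proxy
    # `services.traefik-proxy` is a project-local module not visible here;
    # presumably it defines the `websecure` entrypoint and the `letsencrypt`
    # certificate resolver referenced below (verify).
    services.traefik-proxy.enable = true;
    services.traefik.dynamicConfigOptions = {
      http.services.nix-cache.loadBalancer.servers = [
        { url = "http://${nixServe.bindAddress}:${toString nixServe.port}/"; }
      ];
      # Only the TLS entrypoint is attached, so this router has no plain-HTTP route.
      http.routers.nix-cache.entrypoints = "websecure";
      # http.routers.nix-cache.tls = true;
      http.routers.nix-cache.tls.certresolver = "letsencrypt";
      http.routers.nix-cache.rule = "Host(`cache.game01.kb-one.de`)";
      http.routers.nix-cache.service = "nix-cache";
    };

  };
}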