{ flake, ... }:
let
  inherit (flake.config.services.instances) caddy;

  service = caddy;

in
{
  services.caddy = {
    enable = true;
  };
  users.users.${service.name}.extraGroups = [
    "acme"
    "nextcloud"
  ];

  networking = {
    firewall = {
      allowedTCPPorts = [
        service.ports.port0
        service.ports.port1
        service.ports.port2
      ];
    };
  };
}