{ flake, ... }:
let
  inherit (flake.config.services) instances;
  service = instances.caddy;

  importList =
    let
      content = builtins.readDir ./.;
      dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
    in
    map (name: ./. + "/${name}") dirContent;

in
{
  imports = importList;

  services.caddy = {
    enable = true;
  };

  tmpfiles.rules = [
    "d /run/secrets/caddy 755 caddy caddy -"
    "d /var/log/caddy 755 caddy caddy -"
  ];

  networking = {
    firewall = {
      allowedTCPPorts = [
        service.ports.port0 # 80
        service.ports.port1 # 443
      ];
    };
  };
}