{ flake, ... }:
let
  inherit (flake.config.services) instances;

  service = instances.caddy;
in
{
  services.caddy = {
    enable = true;
  };
  users.users.${service.name}.extraGroups = [
    "acme"
    "mastodon"
    "firefly-iii"
  ];

  networking = {
    firewall = {
      allowedTCPPorts = [
        service.ports.port0
        service.ports.port1
      ];
    };
  };
}