{ config, lib, pkgs, ... }:

let cfg = config.sydnix.deertopia.cache;
in {
  options.sydnix.deertopia.cache.enable =
    lib.mkEnableOption "Deertopia's binary cache";

  config = lib.mkIf cfg.enable {
    sydnix.sops.secrets.deertopia-cache-key.mode = "0600";

    services.nix-serve = {
      enable = true;
      secretKeyFile = config.sops.secrets.deertopia-cache-key.path;
    };

    sydnix.deertopia.nginx.vhosts."cache".vhost = {
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass =
        let port = builtins.toString config.services.nix-serve.port;
        in "http://127.0.0.1:${port}";
    };
  };
}