{
  povSelf,
  hostConfig,
  config,
  lib,
  dnsNix,
  ...
}:

let
  inherit (lib) types;
  cfg = lib.getAttrFromPath povSelf config;

in
{

  options = {
    enable = {
      type = types.bool;
      default = false;
    };
    domain = {
      type = types.str;
      default = "ctu.cx";
    };
  };

  config = lib.mkIf cfg.enable {
    dns.zones."${cfg.domain}" =
      dnsNix.combinators.host hostConfig.networking.ip4Address hostConfig.networking.ip6Address;

    services.nginx = {
      enable = true;
      virtualHosts."${cfg.domain}" = {
        useACMEHost = "${config.networking.fqdn}";
        forceSSL = true;
        kTLS = true;
      };
    };
  };

}