{
  povSelf,
  hostConfig,
  config,
  lib,
  dnsNix,
  ...
}:

let
  inherit (lib) types;
  cfg = lib.getAttrFromPath povSelf config;

in
{

  options = {
    enable = {
      type = types.bool;
      default = false;
    };
    domain = {
      type = types.str;
      default = "zaphyra.eu";
    };
  };

  config = lib.mkIf cfg.enable {

    dns.zones."${cfg.domain}".subdomains = {
      "ip" = (dnsNix.combinators.host hostConfig.networking.ip4Address hostConfig.networking.ip6Address);
      "ip4".A = [ hostConfig.networking.ip4Address ];
      "ip6".AAAA = [ hostConfig.networking.ip6Address ];
    };

    services.nginx.virtualHosts."ip.${cfg.domain}" = {
      useACMEHost = "${config.networking.fqdn}";
      forceSSL = true;
      kTLS = true;
      locations."/" = {
        extraConfig = "types { } default_type 'text/html; charset=utf-8';";
        return = ''
          200 '
            <!DOCTYPE html>
            <html>
              <head>
                <title>ip.${cfg.domain}</title>
              </head>
              <body>
                <h1>ip.${cfg.domain}</h1>
                <ul>
                  <li><span style="user-select: none;"><b>IPv6:</b> </span><span id="ip6">Loading...</span></li>
                  <li><span style="user-select: none;"><b>IPv4:</b> </span><span id="ip4">Loading...</span></li>
                </ul>
                <p>Use bash and curl: <code>curl ip{4,6}.${cfg.domain}</code></p>
                <p><small>Because any other "Whats my IP?"-tool sucks. <a href="https://git.clerie.de/clerie/ip.clerie.de">Host yourself :3</a></small></p>

                <script>
                  window.addEventListener("DOMContentLoaded", (event) => {
                    [ "ip6", "ip4" ].forEach(async (ipVersion) => {
                      try {
                        const url      = "https://" + ipVersion + ".${cfg.domain}/";
                        const response = await fetch(url + ((/\?/).test(url) ? "&" : "?") + (new Date()).getTime());
                        if(response.status != 200) {
                          document.getElementById(ipVersion).innerText = "Error!";
                        } else {
                          document.getElementById(ipVersion).innerText = await response.text();
                        }
                      } catch {
                        document.getElementById(ipVersion).innerText = "Error!";
                      }
                    });
                  });
                </script>
              </body>
            </html>'
        '';
      };
    };

    services.nginx.virtualHosts."ip4.${cfg.domain}" = {
      useACMEHost = "${config.networking.fqdn}";
      forceSSL = true;
      kTLS = true;
      locations."/" = {
        return = "200 '$remote_addr\n'";
        extraConfig = ''
          types { } default_type "text/plain; charset=utf-8";
          add_header Access-Control-Allow-Origin *;
        '';
      };
    };

    services.nginx.virtualHosts."ip6.${cfg.domain}" = {
      useACMEHost = "${config.networking.fqdn}";
      forceSSL = true;
      kTLS = true;
      locations."/" = {
        return = "200 '$remote_addr\n'";
        extraConfig = ''
          types { } default_type "text/plain; charset=utf-8";
          add_header Access-Control-Allow-Origin *;
        '';
      };
    };
  };

}