# Host module for the "things" service: publishes a DNS CNAME for the
# service's subdomain, registers the state directory with the impermanence
# module, backs it up with restic, and exposes the service through an
# HTTPS-only nginx virtual host.
{ povSelf, hostConfig, config, pkgs, lib, ... }:

let
  types = lib.types;

  # This module's own option values, looked up at the attribute path the
  # caller passes in as `povSelf`.
  thingsCfg = lib.getAttrFromPath povSelf config;

  # Public name the service is reached under, e.g. "things.zaphyra.eu".
  vhost = "${thingsCfg.subdomain}.${thingsCfg.domain}";

  # On-disk state of the service; the restic job picks the same path up
  # through `services.things.storagePath`.
  stateDir = "/var/lib/things";

  # sops-nix key holding the restic repository password.
  resticSecret = "resticPasswords/things";
in
{
  options = {
    # Master switch; nothing below is applied unless this is true.
    enable = {
      type = types.bool;
      default = false;
    };

    # DNS zone the service is published in.
    domain = {
      type = types.str;
      default = "zaphyra.eu";
    };

    # Label inside `domain` that points at this host.
    subdomain = {
      type = types.str;
      default = "things";
    };
  };

  config = lib.mkIf thingsCfg.enable {
    # <subdomain>.<domain> is a CNAME to this host's FQDN (the trailing dot
    # makes the target absolute).
    dns.zones.${thingsCfg.domain}.subdomains.${thingsCfg.subdomain}.CNAME = [
      "${config.networking.fqdn}."
    ];

    # Declared with sops-nix defaults, so no owner or mode is set here.
    # NOTE(review): the backup job below is configured with user = "things";
    # if the resticBackup module has that user read passwordFile directly,
    # the secret needs `owner = "things"`, otherwise the backup fails at
    # runtime. Confirm against the module and keep the secret readable by
    # that one account only.
    sops.secrets.${resticSecret} = { };

    modules = {
      # State directory registered with the impermanence module, owned by
      # the service account and closed to every other user (0700).
      filesystem.impermanence.system.dirs = [
        {
          directory = stateDir;
          mode = "0700";
          user = "things";
          group = "things";
        }
      ];

      # restic job for the service's storage path, configured with the
      # service account as its user.
      services.resticBackup.paths.things = {
        enable = true;
        user = "things";
        passwordFile = config.sops.secrets.${resticSecret}.path;
        paths = [ config.services.things.storagePath ];
      };
    };

    services = {
      things = {
        enable = true;
        storagePath = stateDir;
        nginx = {
          enable = true;
          domain = vhost;
        };
      };

      nginx = {
        enable = true;
        virtualHosts.${vhost} = {
          # Reuses the certificate issued for the host's FQDN instead of
          # requesting one for the vhost.
          # NOTE(review): that certificate must list the vhost name as an
          # additional domain, or clients will see a hostname mismatch.
          # Confirm where the ACME certificate is defined.
          useACMEHost = config.networking.fqdn;
          # Plain-HTTP requests are redirected to HTTPS.
          forceSSL = true;
          # Lets nginx use kernel TLS for this vhost.
          kTLS = true;
        };
      };
    };
  };
}