{
  lib,
  pkgs,
  config,
  ...
}: {
  services.caddy = {
    enable = true;
    email = "hedgehog@mrhedgehog.xyz";
    # globalConfig = ''
    # '';
    virtualHosts = {
      "cache.thehedgehog.me" = {
        extraConfig = ''
          import cf_tls
          reverse_proxy http://localhost:5000
        '';
      };
      "hydra.thehedgehog.me" = {
        extraConfig = ''
          import cf_tls
          reverse_proxy http://localhost:3000
        '';
      };
      "reddit.thehedgehog.me" = {
        extraConfig = ''
          import cf_tls
          reverse_proxy http://localhost:4000
        '';
      };
    };
    extraConfig = ''
      (cf_tls) {
        tls ${config.age.secrets.thehedgehog-pem.path} ${config.age.secrets.thehedgehog-key.path} {
          protocols tls1.3
          client_auth {
            mode require_and_verify
            trusted_ca_cert_file ${config.age.secrets.cloudflare-ca.path}
          }
        }
      }
    '';
  };
}