# NixOS module: opt-in ACME client setup for hosts serving nginx virtual hosts.
#
# When `custom.acmeHttpClient.enable` is true this module:
#   * makes `enableACME = true` the default on every nginx virtual host,
#   * persists /var/lib/acme under /persist,
#   * opens TCP port 80 in the firewall,
#   * accepts the ACME terms and sets the account contact e-mail.
{ config, lib, ... }:
let
  inherit (lib) mkDefault mkIf mkOption types;

  acmeCfg = config.custom.acmeHttpClient;

  # ACME state directory kept across reboots.
  # The mode is 0755, so any local user can list and traverse this top-level
  # directory. Whatever protects account keys and certificate private keys
  # must therefore come from the permissions on the entries beneath it, which
  # this module does not set.
  # NOTE(review): confirm the per-certificate directories and key files stay
  # restricted once the directory lives on /persist.
  acmeStateDir = {
    directory = "/var/lib/acme";
    user = "acme";
    group = "acme";
    mode = "u=rwx,g=rx,o=rx";
  };
in
{
  # Master switch; off by default so importing the module changes nothing.
  options.custom.acmeHttpClient.enable = mkOption {
    type = types.bool;
    default = false;
  };

  # Additional declaration of the virtualHosts option: the submodule below
  # contributes a default to each virtual host. mkDefault keeps it
  # overridable, so a host can still set `enableACME = false` explicitly.
  # NOTE(review): this applies to every virtual host, including ones whose
  # names may not be publicly resolvable; those would need an explicit
  # opt-out to avoid failed issuance attempts.
  options.services.nginx.virtualHosts = mkOption {
    type = types.attrsOf (
      types.submodule {
        config = mkIf acmeCfg.enable {
          enableACME = mkDefault true;
        };
      }
    );
  };

  config = mkIf acmeCfg.enable {
    # Presumably an impermanence-style persistence option; the module that
    # declares it is not visible here.
    environment.persistence."/persist".directories = [ acmeStateDir ];

    # Exposes plain HTTP to the network, presumably for HTTP-based ACME
    # validation (inferred from the option name). Only port 80 is opened
    # here; any HTTPS port has to be allowed elsewhere.
    networking.firewall.allowedTCPPorts = [ 80 ];

    security.acme = {
      # Accepts the certificate authority's terms on the operator's behalf.
      acceptTerms = true;
      # Contact address used for the ACME account; hard-coded for all hosts
      # that enable this module.
      defaults.email = "vili.m.sinerva@gmail.com";
    };
  };
}