{ service_configs, ... }:
{
  services.caddy = {
    enable = true;
    virtualHosts = {
      ":${builtins.toString service_configs.ports.https}".extraConfig = ''
        tls ${service_configs.https.certs}/cert.crt ${service_configs.https.certs}/cert.key

        handle_path /torrent* {
        	reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.torrent}
        }

        root * ${service_configs.https.data_dir}
        file_server browse
      '';

      "immich.gardling.com".extraConfig = ''
        reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.immich}
      '';

      "jellyfin.gardling.com".extraConfig = ''
        reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.jellyfin}
        request_body {
        	max_size 4096MB
        }
      '';

      ${service_configs.gitea.domain}.extraConfig = ''
        reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.gitea}
      '';
    };
  };

  networking.firewall.allowedTCPPorts = [
    service_configs.ports.https
  ];

  networking.firewall.allowedUDPPorts = [
    service_configs.ports.https
  ];
}