{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.my.services.collabora-online;
in
{

  options.my.services.collabora-online = {
    enable = lib.mkEnableOption "Enable Collabora Online module";

    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";

      domain = lib.mkOption {
        default = "example.com";
        type = lib.types.str;
        description = ''
          The domain where Caddy is reachable
        '';
      };

      subdomain = lib.mkOption {
        default = "collabora";
        type = lib.types.str;
        description = ''
          The subdomain where Collabora Online is reachable
        '';
      };

      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
        description = ''
          Host name where Collabora Online is running
        '';
      };
    };
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.enable {

      services.collabora-online = {
        enable = true;
        # settings = {
        #   host = [
        #     ''127\.0\.0\.1''
        #   ];
        #   storage.wopi."@allow" = true;
        # };
      };

      networking.firewall.allowedTCPPorts = [
        config.services.collabora-online.port
      ];
    })

    (lib.mkIf cfg.proxy.enable {
      services.caddy = with cfg.proxy; {
        virtualHosts."${subdomain}.${domain}".extraConfig = ''
          import cloudflare_${domain}
          reverse_proxy http://${host}:${toString config.services.collabora-online.port} {
            # Required to circumvent bug of Onlyoffice loading mixed non-https content
            header_up X-Forwarded-Proto https
          }
        '';
      };
    })
  ];
}