# NixOS host configuration: declares age-encrypted secrets, enables Tailscale
# and a Caddy front end, and registers a reverse-proxy entry for each service
# under one of two domains. The `my.*` options come from modules defined
# outside this file, so their exact semantics are not visible here.
{ config, pkgs, lib, ... }:

let
  # MagicDNS suffix passed to the Tailscale module.
  tailscaleMagicDNS = "neon-dory.ts.net";

  # Domain used for dashy, nextcloud and vaultwarden, and the only one
  # listed under `dynamicdnsDomains`.
  publicDomain = "pasetto.me";

  # Domain used for the remaining services (media, search, metrics, portainer).
  # NOTE(review): the name suggests it is meant to be reachable only over
  # Tailscale; nothing in this file enforces that, so confirm in the proxy module.
  tsDomain = "tegola.pro";

  # Contact address attached to every entry in caddy's `domainsList`.
  email = "pasettodavide@gmail.com";

  # Shorthand for the decrypted-secret attribute set.
  secrets = config.age.secrets;

  # Secret that must be readable by the Caddy service account.
  caddyOwned = file: {
    inherit file;
    owner = config.services.caddy.user;
    group = config.services.caddy.group;
  };

  # Reverse-proxy entry: publish a service under `domain`, backed by `host`.
  mkProxy = domain: host: {
    enable = true;
    inherit domain host;
  };
in
{
  age.secrets = {
    # No owner/mode given for these two, so the secret module's defaults apply.
    # NOTE(review): confirm the consuming services can read them under those defaults.
    searx-secret.file = ../../secrets/searx-secret.age;
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;

    # Cloudflare credentials, one per domain, both owned by caddy's user/group.
    cloudflare-tegola-apiKey = caddyOwned ../../secrets/cloudflare-tegola-apiKey.age;
    cloudflare-pasetto-apiKey = caddyOwned ../../secrets/cloudflare-pasetto-apiKey.age;

    # Owner-read-only. Still declared although ddclient is disabled below.
    ddclient = {
      file = ../../secrets/ddclient.age;
      mode = "400";
    };
  };

  my = {
    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };

    services = {
      dashy = {
        enable = true;
        settings = import ./dashy-settings.nix;
        proxy = mkProxy publicDomain "caddy.internal";
      };

      # Only the proxy entry is configured for these; `enable` is not set here.
      media-mgr.proxy = mkProxy tsDomain "arr.internal";
      nextcloud.proxy = mkProxy publicDomain "nextcloud.internal";

      searx = {
        enable = true;
        secretFile = secrets.searx-secret.path;
        enableAI = true;
        perplexicaUrl = "portainer.internal";
        proxy = mkProxy tsDomain "caddy.internal";
      };

      # NOTE(review): the password vault is published under `publicDomain`.
      # Confirm that exposure is intended and that access control on the
      # backend (including any admin interface) is configured where the
      # service itself is defined.
      vaultwarden.proxy = mkProxy publicDomain "vaultwarden.internal";
    };

    monitoring = {
      # Both metrics front ends point at the same backend host.
      prometheus.proxy = mkProxy tsDomain "metrics.internal";
      grafana.proxy = mkProxy tsDomain "metrics.internal";
    };

    networking = {
      tailscale = {
        enable = true;
        magicDNSDomain = tailscaleMagicDNS;
        # The auth key is read from the decrypted secret path at runtime and
        # is never written into this file.
        authKeyFile = secrets.tailscale-authKey.path;
      };

      caddy = {
        enable = true;

        # NOTE(review): this secret is used both as an environment file here
        # and as `cloudflareApiKeyFile` for `publicDomain` below. Confirm the
        # file's format satisfies both consumers.
        configEnvFile = secrets.cloudflare-pasetto-apiKey.path;

        # One Cloudflare credential per domain, so each key only needs access
        # to its own zone (assuming the tokens are scoped that way - verify).
        domainsList = [
          {
            domain = tsDomain;
            inherit email;
            cloudflareApiKeyFile = secrets.cloudflare-tegola-apiKey.path;
          }
          {
            domain = publicDomain;
            inherit email;
            cloudflareApiKeyFile = secrets.cloudflare-pasetto-apiKey.path;
          }
        ];

        # Names the environment variable holding the token; presumably
        # supplied through `configEnvFile` - confirm in the caddy module.
        dynamicdnsDomains = [
          {
            domain = publicDomain;
            cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN";
          }
        ];
      };

      ddclient = {
        enable = false;
        configFile = secrets.ddclient.path;
      };
    };

    virtualisation = {
      proxmox.enable = true;
      portainer.proxy = mkProxy tsDomain "portainer.internal";
    };
  };

  # Extra packages
  environment.systemPackages = with pkgs; [ ];

  # NOTE(review): `openFirewall = true` opens the iperf3 port in the host
  # firewall, and no authentication options are set for the server here.
  # On a host that also fronts public services, consider limiting this to
  # the interfaces where bandwidth tests are actually needed.
  services.iperf3 = {
    enable = true;
    openFirewall = true;
  };

  system.stateVersion = "24.05";
}