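# NixOS module: self-hosted Headscale coordination server, published through
# an nginx virtual host that terminates TLS (ACME) and proxies to the local
# headscale listener.
{ config, lib, pkgs, ... }:

let
  cfg = config.modules.services.headscale;
  # Public hostname; used for both headscale's server_url and the nginx vhost.
  fqdn = "headscale.vimium.net";
in
{
  options.modules.services.headscale = {
    # mkEnableOption yields a typed boolean option (default false, example
    # true) with a description, so a non-boolean value is rejected at
    # evaluation time instead of flowing into mkIf untyped.
    enable = lib.mkEnableOption "the Headscale coordination server behind an nginx TLS reverse proxy";
  };

  config = lib.mkIf cfg.enable {
    # Makes the headscale CLI available on the host.
    environment.systemPackages = [ pkgs.headscale ];

    services.headscale = {
      enable = true;
      # NOTE(review): nginx below is the intended TLS entry point. No listen
      # address is set here, so the headscale module's default applies;
      # confirm it is loopback-only and that 8080 is not reachable from
      # outside the host, otherwise the API is exposed over plain HTTP.
      port = 8080;
      settings = {
        # No ACL policy file is loaded.
        # NOTE(review): without a policy, headscale is understood to let every
        # registered node reach every other node; confirm that is intended,
        # or point this at a policy file that restricts access to the
        # services named in extra_records.
        policy.path = null;
        # Addresses are handed out from the 100.64.0.0/10 shared address space.
        ip_prefixes = [ "100.64.0.0/10" ];
        server_url = "https://${fqdn}";
        derp = {
          # Periodic DERP map refresh is off; update_frequency is kept but
          # presumably has no effect while auto-update is disabled (confirm).
          auto_update_enable = false;
          update_frequency = "24h";
        };
        dns = {
          base_domain = "mesh.vimium.net";
          # Static A records for internal services, pinned to fixed tailnet
          # addresses.
          # NOTE(review): these go stale if a node is re-registered with a
          # different address; verify they still match the intended hosts.
          extra_records = [
            {
              name = "grafana.mesh.vimium.net";
              type = "A";
              value = "100.64.0.6";
            }
            {
              name = "home.mesh.vimium.net";
              type = "A";
              value = "100.64.0.7";
            }
          ];
          magic_dns = true;
          # Single upstream resolver; no fallback is listed.
          nameservers.global = [ "9.9.9.9" ];
        };
        logtail.enabled = false;
      };
    };

    services.nginx.virtualHosts = {
      "${fqdn}" = {
        # HTTPS only, with the certificate obtained through ACME.
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          # Target port is read from the headscale service options so the two
          # cannot drift apart.
          proxyPass = "http://localhost:${toString config.services.headscale.port}";
          # Forwards connection upgrades to the backend.
          proxyWebsockets = true;
        };
      };
    };
  };
}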