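{ config, pkgs, lib, ... }:

let
  # Values of the options declared below. The module system evaluates
  # this lazily, so reading `config` here does not recurse.
  cfg = config.services.reverse-proxy;

  # Public suffix appended to every `host` and `internalHost` label.
  domain = "lagraula.fr";

  # A host label may only contain letters, digits, '.' and '-', and must
  # start and end with an alphanumeric. The value is interpolated verbatim
  # into the generated Caddyfile, so whitespace, braces or newlines would
  # change the structure of the configuration rather than just the name.
  hostNameType = lib.types.strMatching "[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?";

  # Build one entry of services.caddy.virtualHosts for a published service.
  # virtualHosts is an attribute set keyed by site address (not a list), and
  # the per-site proxy target is expressed as a `reverse_proxy` directive in
  # the site's extraConfig; there is no `reverseProxy` option.
  mkVirtualHost = service:
    lib.nameValuePair "${service.host}.${domain}" {
      # The upstream is reached over plain HTTP on the internal network;
      # TLS is terminated by Caddy on the public side only.
      extraConfig = ''
        reverse_proxy http://${service.internalHost}.${domain}:${toString service.port}
      '';
    };
in
{
  # Options of the reverse-proxy module.
  options.services.reverse-proxy = {
    publicServices = lib.mkOption {
      type = lib.types.listOf (lib.types.submodule {
        options = {
          host = lib.mkOption {
            type = hostNameType;
            description = "Public host label; the site is served as <host>.${domain}.";
          };
          internalHost = lib.mkOption {
            type = hostNameType;
            description = "Internal host label; requests are proxied to <internalHost>.${domain}.";
          };
          port = lib.mkOption {
            # types.port rejects values outside 0-65535, which types.int accepted.
            type = lib.types.port;
            default = 80;
            description = "TCP port of the upstream service.";
          };
        };
      });
      default = [ ];
      description = "Liste des services à exposer via le reverse proxy";
    };
  };

  # Caddy configuration, only activated when at least one service is
  # published. The condition must be parenthesised as a whole: writing
  # `lib.mkIf (x) != [] { ... }` parses as `(lib.mkIf x) != ([] { ... })`
  # and does not produce a config attribute set at all.
  config = lib.mkIf (cfg.publicServices != [ ]) {
    services.caddy = {
      enable = true;

      # ACME account e-mail used for certificate issuance. mkDefault keeps
      # it overridable from another module, which is what the original
      # `config.services.caddy.email or "..."` fallback intended.
      email = lib.mkDefault "xavier@lagraula.fr";

      virtualHosts = lib.listToAttrs (map mkVirtualHost cfg.publicServices);

      # Caddyfile global options. They must form the first block of the
      # file, which globalConfig guarantees; extraConfig is appended after
      # the site blocks and a global block there is rejected by Caddy.
      #
      # The former `rate_limit { ... }` block has been dropped on purpose:
      # `rate_limit` is not a directive of the stock Caddy binary (it comes
      # from a third-party plugin that the nixpkgs package does not bundle
      # by default) and it is a per-site handler directive, not a global
      # option, so the previous configuration would have failed to load.
      # Rate limiting is therefore NOT currently enforced; re-add it per
      # site once Caddy is built with that plugin.
      globalConfig = ''
        log {
          output file /var/log/caddy/access.log
        }
      '';
    };

    # Public listeners for HTTP (ACME challenges / redirects) and HTTPS.
    # Caddy also advertises HTTP/3 on UDP 443 by default; open
    # allowedUDPPorts = [ 443 ] only if that is wanted.
    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };
}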