{ config }:
let
  domain = "headscale.hoyer.xyz";
in
{
  services = {
    headscale = {
      enable = true;
      address = "0.0.0.0";
      port = 8080;
      server_url = "https://${domain}";
      dns = {
        baseDomain = "hoyer.tail";
      };
      settings = {
        logtail.enabled = false;
      };
    };

    nginx.virtualHosts.${domain} = {
      useACMEHost = "hoyer.xyz";
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:${toString config.services.headscale.port}";
        proxyWebsockets = true;
      };
    };
  };

  environment.systemPackages = [ config.services.headscale.package ];
}