{config, pkgs, ...}:

let

  domain = "enclave.ctsk.dev";
  port = 10020;

in {

  services.headscale = {
    address = "127.0.0.1";
    port = port;
    settings = {
      server_url = "https://${domain}";
      dns.base_domain = "m.${domain}";
    };
  };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    useACMEHost = "enclave.ctsk.dev";
    locations."/".proxyPass = "http://127.0.0.1:${toString port}";
    locations."/".proxyWebsockets = true;
  };
  
  environment.systemPackages = [ pkgs.headscale ];

}