{ config, lib, ... }:

with lib;

let
  mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
    description = desc;
    default = {};
    type = types.submodule {
      options = {
        enable = mkEnableOption desc // { default = defaultEnabled; };
      } // extraOpts;
    };
  };
in
{
  options = {
    sACME = mkServiceOption { desc = "ACME DNS Challenge"; };

    sROUNDCUBE = mkServiceOption {
      desc = "Roundcube webapp";
      extraOpts = {
        port = mkOption { type = types.port; default = 1984; };
      };
    };

    sVAULTWARDEN = mkServiceOption {
      desc = "Vaultwarden service";
      extraOpts = {
        externalPort = mkOption { type = types.port; default = 8000; };
        internalPort = mkOption { type = types.port; default = 8222; };
      };
    };

    sSEARXNG = mkServiceOption {
      desc = "SearXNG meta-search engine";
      extraOpts = {
        port = mkOption { type = types.port; default = 1692; };
      };
    };

    sTAILSCALE = mkServiceOption {
      desc = "Tailscale VPN";
      defaultEnabled = true;
    };

    sNEWT = mkServiceOption { desc = "Newt custom wireguard tunnel"; };

    HostName = mkOption {
      type = types.str;
      default = "${config.networking.hostName}.ssh.wateir.fr";
      description = "Global hostname with domain for all services";
    };
  };
}