{
  lib,
  config,
  ...
}:
let
  cfg = config.my.servers.atticd;
  setup = import ./setup.nix { inherit lib config; };
in
{
  options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343;
  config = lib.mkIf cfg.enable {
    sops.secrets."private_cache_keys/attic".sopsFile = ../../secrets/keys.yaml;
    services = {
      atticd = {
        enable = true;
        environmentFile = config.sops.secrets."private_cache_keys/miniserver".path;
        settings = {
          listen = "[::]:${toString cfg.port}";
          jwt = { };
          chunking = {
            nar-size-threshold = 64 * 1024; # 64 KiB
            min-size = 16 * 1024; # 16 KiB
            avg-size = 64 * 1024; # 64 KiB
            max-size = 256 * 1024; # 256 KiB
          };
        };
      };
      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
        setup.proxyReverse cfg.hostName cfg.port // { }
      );
    };
  };
}