{ config, pkgs, lib, ... }: {
  imports = [ ./base.nix ];
  config = {
    sops.secrets = {
      cloudflare-api.sopsFile = ../../secrets/env.yaml;

      dns = {
        sopsFile = ../../secrets/env.yaml;
        owner = config.users.users.jawz.name;
        inherit (config.users.users.jawz) group;
      };
    };
    services.cloudflare-dyndns = {
      enable = true;
      ipv4 = true;
      ipv6 = false;
      proxied = false;
      domains = [ config.my.domain ];
      apiTokenFile = config.sops.secrets.cloudflare-api.path;
    };
    my.scripts.update-dns = {
      enable = lib.mkDefault false;
      install = true;
      service = true;
      name = "update-dns";
      timer = "*:0/30";
      description = "Updates the IP of all my domains";
      package = let
        update-dns = pkgs.writeScriptBin "update-dns"
          (builtins.readFile ../../scripts/update-dns.sh);
      in pkgs.writeScriptBin "update-dns" ''
        set -a &&
        source ${config.sops.secrets.dns.path} &&
        set -a &&
        ${update-dns}/bin/update-dns;
      '';
    };
  };
}