{ config, ... }:

let hn = config.networking.hostName; in {
  networking = {
    domain = config.constants.domain;
    firewall = {
      allowedTCPPorts = with config.constants.port; [ http https ];
    };
    hostId = "2cadb253";
    nftables.enable = true;
  };

  services = {
    cloudflare-dyndns = {
      enable = true;
      apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
      domains = builtins.attrNames config.services.caddy.virtualHosts;
    };
    openssh.enable = true;
  };

  sops.secrets."cloudflare/${hn}" = { };
}