{ config, ... }:
{
  services.caddy = {
    enable = true;
    email = "ca@${config.networking.domain}";
    logFormat = "format console";
  };
  systemd.services.caddy.environment.XDG_DATA_HOME = "/var/lib";
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ 443 ];
}