{
  config,
  lib,
  ...
}:
let
  inherit (config.machine.uptime-kuma)
    domain
    enable
    port
    ;
in
with lib; mkIf enable {
  services.uptime-kuma = {
    inherit enable;
    settings = {
      PORT = toString port;
    };
  };

  services.nginx.virtualHosts = with lib; mkIf (domain != null) {
    "${domain}" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString port}";
        proxyWebsockets = true;
      };
    };
  };

  networking.firewall = {
    allowedTCPPorts = [ port ];
  };
}