{ config, lib, ... }:
with lib;
let
  cfg = config.nixfiles.modules.acme;
in
{
  imports = [
    (mkAliasOptionModule [ "certs" ] [
      "security"
      "acme"
      "certs"
    ])
  ];

  options.nixfiles.modules.acme = {
    enable = mkEnableOption "ACME";

    email = mkOption {
      description = "Email for notifications.";
      type = with types; str;
      default = "admin+acme@${my.domain.shire}";
    };
  };

  config = mkIf cfg.enable {
    ark.directories = [ "/var/lib/acme" ];

    security.acme = {
      acceptTerms = true;
      defaults = {
        inherit (cfg) email;
        validMinDays = 60;
      };
    };
  };
}