{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.alertmanager;
in {
  options.nixfiles.modules.alertmanager = {
    enable = mkEnableOption "Alertmanager";

    port = mkOption {
      description = "Port.";
      type = with types; port;
      default = 30112;
    };

    domain = mkOption {
      description = "Domain name sans protocol scheme.";
      type = with types; nullOr str;
      default = "alertmanager.${config.networking.domain}";
    };
  };

  config = mkIf cfg.enable {
    nixfiles.modules.nginx = with cfg; {
      enable = true;
      upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {};
      virtualHosts.${cfg.domain} = {
        locations."/".proxyPass = "http://alertmanager";
        extraConfig = nginxInternalOnly;
      };
    };

    services.prometheus.alertmanager = {
      enable = true;

      listenAddress = "127.0.0.1";
      inherit (cfg) port;

      extraFlags = ["--web.external-url=https://${cfg.domain}"];

      configuration = {
        global = {
          smtp_from = "alertmanager@${my.domain.shire}";
          smtp_smarthost = "${my.domain.shire}:584";
        };

        route = {
          receiver = my.username;
          group_by = ["alertname"];
        };

        receivers = [
          {
            name = my.username;
            email_configs = [{to = "${my.username}+alert@${my.domain.shire}";}];
          }
        ];
      };
    };
  };
}