{ self, ... }:
{
  flake.domain = "heimfeld.hamburg";
  flake.machines.tharos = {
    nixos =
      { ... }:
      {
        networking.firewall.allowedTCPPorts = [
          80
          443
        ];

        services.caddy = {
          enable = true;
          email = "redaktion@${self.domain}";
        };
      };

    vm =
      { pkgs, ... }:
      {
        services.caddy.globalConfig = ''
          local_certs
        '';

        systemd.services.caddy.path = [ pkgs.nssTools ]; # Irrelevante Warnung unterdrücken
      };
  };
}