{ ... }: {
  services.caddy = {
    enable = true;
    virtualHosts =
      let
        local_tls = ''
          tls {
            issuer internal {
              ca local
            }
          }
        '';
      in
      {
        "localhost" = {
          logFormat = "output discard";
          extraConfig = ''
            ${local_tls}
            acme_server {
              allow {
                domains *.test *.localhost
              }
            }
          '';
        };
        # need to test forwarding behaviour
        "alanpearce.localhost" = {
          logFormat = "output discard";
          serverAliases = [
            # remember to update /etc/hosts
            "alanpearce.test"
          ];
          extraConfig = ''
            ${local_tls}
            reverse_proxy http://alanpearce.localhost:8080 {
              transport http {
                dial_timeout 1s
                compression off
              }
            }
          '';
        };
        "searchix.localhost" = {
          logFormat = "output discard";
          extraConfig = ''
            reverse_proxy http://localhost:3000 {
              transport http {
                dial_timeout 1s
                compression off
              }
            }
          '';
        };
        "perplexica-backend.localhost" = {
          logFormat = "output discard";
          extraConfig = ''
            reverse_proxy http://localhost:8339 {
              transport http {
                dial_timeout 1s
                compression off
              }
            }
          '';
        };
        "perplexica.localhost" = {
          logFormat = "output discard";
          extraConfig = ''
            reverse_proxy http://localhost:8338 {
              transport http {
                dial_timeout 1s
                compression off
              }
            }
          '';
        };
      };
  };
}