{ lib, config, ... }:

{
  entryPoints = {
    web = {
      address = ":80";
      asDefault = true;
      http.redirections.entrypoint = {
        to = "websecure";
        scheme = "https";
      };
    };

    websecure = {
      address = ":443";
      http.tls.certResolver = "letsencrypt";
    };

    metrics = {
      address = ":8082";
    };
  };

  api = {
    dashboard = true;
    insecure = true;
  };

  certificatesResolvers = {
    letsencrypt = {
      acme = {
        email = "david.mikael@proton.me";
        storage = "/var/lib/traefik/acme.json";
        # httpChallenge = {
        #   entryPoint = "web";
        # };
        dnsChallenge = {
          provider = "cloudflare";
          delayBeforeCheck = 10;
          resolvers = [ "1.1.1.1:53" "8.8.8.8:53" ];
        };
      };
    };
  };

  metrics = {
    prometheus = {
      entryPoint = "metrics";
    };
  };

  log = {
    level = "DEBUG";
    filePath = "/var/log/traefik/traefik.log";
  };

  accessLog = {
    format = "json";
    filePath = "/var/log/traefik/access.log";
  };
}