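# NixOS module: runs Traefik inside a declarative NixOS container on a private
# veth network and forwards the proxy ports from the host.
#
# Enable with `sysconfig.opts.virtualization.traefik.enable = true;`.
#
# Fixes relative to the previous revision:
#   * `log` and `certificatesResolvers` were nested inside `entryPoints`;
#     Traefik expects both as top-level static configuration keys.
#   * The `websecure` entry point referenced a resolver named "letsencrypt",
#     but the only resolver defined here is "cloudflare".
#   * The log/ACME paths interpolated `config.services.traefik.dataDir`. The
#     container `config` is a plain attrset, so `config` there is the *host*
#     module argument and the paths followed the host's option value rather
#     than the container's bind-mounted data directory.
#   * The two commented-out settings are on their own lines so the `#` cannot
#     swallow the rest of the expression.
{ config, lib, ... }:

let
  # Data directory as seen inside the container; backed by the bind mount
  # below so that acme.json and the log survive container rebuilds.
  # NOTE(review): the Traefik service normally runs as an unprivileged user;
  # confirm it can actually reach a directory under /root.
  traefikDataDir = "/root/data";
in
{
  options.sysconfig.opts.virtualization.traefik.enable = lib.options.mkOption {
    type = lib.types.bool;
    default = false;
  };

  config = lib.mkIf config.sysconfig.opts.virtualization.traefik.enable {
    containers.traefik = {
      autoStart = true;

      # Private veth pair: host side .10, container side .11.
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.11";

      # NOTE(review): no entry point in this configuration listens on 8080 and
      # `api.insecure` is not set, so the 8080 forward (and the matching
      # firewall opening further down) appears unused. Drop both if nothing
      # else needs them; an open port with no intended listener is avoidable
      # exposure.
      forwardPorts = [
        { containerPort = 80; hostPort = 80; }
        { containerPort = 443; hostPort = 443; }
        { containerPort = 9080; hostPort = 9080; }
        { containerPort = 9443; hostPort = 9443; }
        { containerPort = 8080; hostPort = 8080; }
      ];

      # acme.json holds certificate private keys: keep the host directory
      # readable only by the account Traefik runs as.
      bindMounts = {
        "${traefikDataDir}" = {
          hostPath = "/ssd1/Traefik/data";
          isReadOnly = false;
        };
      };

      config = {
        services.traefik = {
          enable = true;
          dataDir = traefikDataDir;

          staticConfigOptions = {
            # The dashboard is enabled, but dynamicConfigOptions is empty, so
            # no router exposes it yet. When adding one, put authentication
            # middleware in front of it.
            api = {
              dashboard = true;
            };

            entryPoints = {
              # Plain-HTTP listeners only redirect to their TLS counterparts.
              local = {
                address = ":80";
                http.redirections.entryPoint = {
                  to = "localsecure";
                  scheme = "https";
                };
              };
              localsecure = {
                address = ":443";
              };
              web = {
                address = ":9080";
                http.redirections.entryPoint = {
                  to = "websecure";
                  scheme = "https";
                };
              };
              websecure = {
                address = ":9443";
                asDefault = true;
                # Must name a resolver defined under certificatesResolvers.
                http.tls.certResolver = "cloudflare";
              };
            };

            log = {
              level = "INFO";
              filePath = "${traefikDataDir}/traefik.log";
              format = "json";
            };

            certificatesResolvers.cloudflare.acme = {
              email = "nathanblunkall5@gmail.com";
              storage = "${traefikDataDir}/acme.json";
              #httpChallenge.entryPoint = "web";
              # NOTE(review): the Cloudflare DNS provider needs API credentials
              # in the service environment and none are configured in this
              # module. Supply them from a file outside the world-readable Nix
              # store, using a token scoped to DNS edits on the relevant zone.
              dnsChallenge = {
                provider = "cloudflare";
                resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ];
                #disablePropagationCheck = true;
              };
            };
          };

          dynamicConfigOptions = {};
        };

        # Container-side firewall; mirrors forwardPorts above.
        networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 8080 ];

        system.stateVersion = "24.05";
      };
    };
  };
}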