{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
with lib;
let
  name = "nebula-lighthouse";
  cfg = config.${namespace}.services.${name};
  rootUrl = "https://lighthouse.${namespace}.dev/";
  ca = config.sops.secrets."pi5/nebula/ca-cert".path;
  cert = config.sops.secrets."pi5/nebula/lighthouse-cert".path;
  key = config.sops.secrets."pi5/nebula/lighthouse-key".path;

  nebulaConfig = lib.${namespace}.mkModule {
    inherit config name;
    description = "nebula";
    options = { };
    moduleConfig = {
      environment.systemPackages = with pkgs; [ nebula ];
      services.nebula.networks = {
        jallen-nebula = {
          enable = true;
          enableReload = true;
          isLighthouse = true;
          ca = ca;
          cert = cert;
          key = key;
          lighthouse = {
            dns = {
              enable = true;
              host = "localhost";
              port = 53;
            };
          };
          listen = {
            host = cfg.listenAddress;
            port = cfg.port;
          };
          # lighthouses = [
          #   "10.1.1.1"
          # ];
        };
      };
    };
  };
in
{
  imports = [
    nebulaConfig
    ./sops.nix
  ];
}