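# NixOS module: serves the fcuny.net static site through nginx.
#
# Options under services.fcuny-net:
#   enable    - turn the site on
#   domain    - name of the nginx virtual host
#   port      - plain-HTTP port nginx listens on; also opened in the firewall
#   enableSSL - obtain a Let's Encrypt certificate and redirect HTTP to HTTPS
{ config, lib, pkgs, ... }:

let
  cfg = config.services.fcuny-net;

  # Import your site - you'll need to adjust the path relative to this module
  fcunyNet = import ../../src/fcuny.net { inherit pkgs; };

  # Build nginx `listen` entries on the addresses nginx binds by default, so
  # that setting `listen` explicitly does not change which interfaces are used.
  mkListen = port: ssl:
    map (addr: { inherit addr port ssl; }) config.services.nginx.defaultListenAddresses;
in
{
  options.services.fcuny-net = {
    enable = lib.mkEnableOption "fcuny.net static site";

    domain = lib.mkOption {
      type = lib.types.str;
      default = "fcuny.net";
      description = "Domain name for the site";
    };

    port = lib.mkOption {
      type = lib.types.port;
      default = 80;
      description = "Port to serve the site on";
    };

    enableSSL = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Enable SSL/TLS with Let's Encrypt";
    };
  };

  config = lib.mkIf cfg.enable {
    # With nginx's webroot-based ACME integration the certificate authority
    # validates over HTTP on port 80. A different plain-HTTP port only works
    # when something in front of this host forwards port 80 to it, so surface
    # that at evaluation time instead of failing at certificate issuance.
    warnings = lib.optional (cfg.enableSSL && cfg.port != 80)
      "services.fcuny-net: enableSSL is set but port is ${toString cfg.port}; ACME HTTP validation arrives on port 80, make sure it is forwarded to this port.";

    services.nginx = {
      enable = true;

      virtualHosts.${cfg.domain} = {
        root = fcunyNet.site;

        # Bind the configured port. Previously `port` was only used for the
        # firewall rule, so a non-default value opened a port nothing listened
        # on while nginx kept serving on 80 behind a closed firewall.
        # 443 matches the port opened in the firewall rule below.
        listen = mkListen cfg.port false
          ++ lib.optionals cfg.enableSSL (mkListen 443 true);

        # SSL configuration
        # forceSSL redirects plain HTTP to HTTPS. No HSTS header is sent, so
        # the first request of a client can still go out over plain HTTP.
        enableACME = cfg.enableSSL;
        forceSSL = cfg.enableSSL;

        locations."/" = {
          tryFiles = "$uri $uri/ =404";
        };

        # NOTE(review): nginx does not inherit server-level `add_header`
        # directives into a location that declares its own. Any security
        # header added to this virtual host later has to be repeated inside
        # the asset location below, or it will be missing on those responses.
        # NOTE(review): a one-year `immutable` lifetime assumes asset file
        # names change with their content - confirm against the site build.
        extraConfig = ''
          # Cache static assets
          location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
            expires 1y;
            add_header Cache-Control "public, immutable";
          }
        '';
      };
    };

    # Open firewall
    # Only the ports nginx is configured to listen on above are exposed.
    networking.firewall.allowedTCPPorts = [ cfg.port ] ++ lib.optional cfg.enableSSL 443;

    # ACME/Let's Encrypt setup if SSL is enabled
    security.acme = lib.mkIf cfg.enableSSL {
      acceptTerms = true;
      # mkDefault lets a host that already sets an ACME contact address keep
      # it instead of hitting a conflicting-definition error.
      defaults.email = lib.mkDefault "franck@fcuny.net";
    };
  };
}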