{ pkgs, config, ... }:

{

  dns.zones."ctu.cx".subdomains."ip"       = (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP);
  dns.zones."ctu.cx".subdomains."ip4".A    = [ (pkgs.dns.lib.combinators.a    config.networking.primaryIP4) ];
  dns.zones."ctu.cx".subdomains."ip6".AAAA = [ (pkgs.dns.lib.combinators.aaaa config.networking.primaryIP) ];

  services.nginx.virtualHosts."ip.${config.networking.domain}" = {
    enableACME = true;
    forceSSL   = true;
    kTLS       = true;
    locations."/" = {
      extraConfig = "types { } default_type 'text/html; charset=utf-8';";
      return      = ''200 '
        <!DOCTYPE html>
        <html>
          <head>
            <title>ip.${config.networking.domain}</title>
          </head>
          <body>
            <h1>ip.${config.networking.domain}</h1>
            <ul>
              <li><span style="user-select: none;"><b>IPv6:</b> </span><span id="ip6">Loading...</span></li>
              <li><span style="user-select: none;"><b>IPv4:</b> </span><span id="ip4">Loading...</span></li>
            </ul>
            <p>Use bash and curl: <code>curl ip{4,6}.${config.networking.domain}</code></p>
            <p><small>Because any other "Whats my IP?"-tool sucks. <a href="https://git.clerie.de/clerie/ip.clerie.de">Host yourself :3</a></small></p>

            <script>
              window.addEventListener("DOMContentLoaded", (event) => {
                [ "ip6", "ip4" ].forEach(async (ipVersion) => {
                  try {
                    const url      = "https://" + ipVersion + ".${config.networking.domain}/";
                    const response = await fetch(url + ((/\?/).test(url) ? "&" : "?") + (new Date()).getTime());
                    if(response.status != 200) {
                      document.getElementById(ipVersion).innerText = "Error!";
                    } else {
                      document.getElementById(ipVersion).innerText = await response.text();
                    }
                  } catch {
                    document.getElementById(ipVersion).innerText = "Error!";
                  }
                });
              });
            </script>
          </body>
        </html>'
      '';
    };
  };

  services.nginx.virtualHosts."ip4.${config.networking.domain}" = {
    enableACME = true;
    forceSSL   = true;
    kTLS       = true;
    locations."/" = {
      return      = "200 '$remote_addr\n'";
      extraConfig = ''
        types { } default_type "text/plain; charset=utf-8";
        add_header Access-Control-Allow-Origin *;
      '';
    };
  };

  services.nginx.virtualHosts."ip6.${config.networking.domain}" = {
    enableACME = true;
    forceSSL   = true;
    kTLS       = true;
    locations."/" = {
      return      = "200 '$remote_addr\n'";
      extraConfig = ''
        types { } default_type "text/plain; charset=utf-8";
        add_header Access-Control-Allow-Origin *;
      '';
    };
  };
  
}