{ pkgs, lib, ... }:
with lib;
let
  domain = "cache.nsupdate.info";
in {
  # This only works for a single domain for nsupdate.info as multiple usernames
  # and passwords are required for multiple domains
  services.ddclient = {
    enable = true;
    server = "ipv4.nsupdate.info";
    username = domain;
    password = import ((toString <secrets>) + "/nsupdate-cache.nix");
    domains = [ domain ];
    use= "if, if=et0";
    # use = "web, web=http://ipv4.nsupdate.info/myip";

  };
  krebs.cachecache = {
    enable = true;
    enableSSL = true; # disable letsencrypt for testing
    cacheDir = "/var/cache/nix-cache-cache";
    maxSize = "10g";
    indexFile = pkgs.fetchurl {
      url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html";
      sha256 = "1vlngzbn0jipigspccgikd7xgixksimdl4wf8ix7d30ljx47p9n0";
    };

    # assumes that the domain is reachable from the internet
    virtualHost = domain;
  };

  boot.kernelModules = [ "tcp_bbr" ];

  boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";
  boot.kernel.sysctl."net.core.default_qdisc" = "fq";
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}