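# NixOS module: installs mitmproxy and, when `routeAP` is enabled, transparently
# redirects TCP 80/443 arriving on an access-point interface to the local
# mitmproxy port using iptables nat rules.
{ config, pkgs, lib, ... }:
let
  localCfg = config.myNixOS.mitmproxy;

  # Both values are interpolated into a root-run shell script, so the interface
  # name is shell-quoted and the port is constrained by its option type.
  iface = lib.escapeShellArg localCfg.accessPoint;
  port = builtins.toString localCfg.mitmPort;

  # One nat PREROUTING redirect rule; `action` is -A (append) or -D (delete).
  natRule = action: dport:
    "iptables -t nat ${action} PREROUTING -i ${iface} -p tcp --dport ${builtins.toString dport} -j REDIRECT --to-port ${port}";

  interceptedPorts = [ 80 443 ];
in
{
  options.myNixOS.mitmproxy = {
    # mkEnableOption takes a description string and always defaults to false.
    # The original passed `{ default = true; }`, which was never used as a
    # default, so the effective value was already false; interception stays
    # opt-in here.
    routeAP = lib.mkEnableOption
      "transparent redirection of TCP 80/443 from the access point interface to mitmproxy";

    accessPoint = lib.mkOption {
      type = lib.types.str;
      description = "Interface whose inbound TCP 80/443 traffic is redirected to mitmproxy.";
    };

    mitmPort = lib.mkOption {
      # A typed port rejects non-numeric or out-of-range values at evaluation
      # time, before they can reach the firewall script.
      type = lib.types.port;
      default = 8080;
      description = "Local TCP port mitmproxy listens on.";
    };
  };

  # A module that declares `options` at top level must put its settings under
  # `config`; sibling attributes such as `environment` are rejected otherwise.
  config = {
    environment.systemPackages = [ pkgs.mitmproxy ];

    networking.firewall = lib.mkIf localCfg.routeAP {
      # Delete-then-append keeps the rules from piling up when the firewall
      # script is run again, since -A alone adds a duplicate on every run.
      # Only IPv4 is redirected: there is no ip6tables rule, so IPv6 traffic
      # from the access point is not intercepted.
      # NOTE(review): extraCommands targets the iptables-based firewall;
      # confirm the host is not using the nftables backend.
      extraCommands = /*bash*/ ''
        ${lib.concatMapStringsSep "\n" (p: "${natRule "-D" p} 2>/dev/null || true") interceptedPorts}
        ${lib.concatMapStringsSep "\n" (natRule "-A") interceptedPorts}
      '';

      # Remove the redirects when the firewall is stopped so interception does
      # not outlive the firewall configuration.
      extraStopCommands = /*bash*/ ''
        ${lib.concatMapStringsSep "\n" (p: "${natRule "-D" p} 2>/dev/null || true") interceptedPorts}
      '';

      # NOTE(review): this opens the proxy port on every interface, not only
      # the access point. If only redirected AP traffic should reach it,
      # consider networking.firewall.interfaces.<name>.allowedTCPPorts instead.
      allowedTCPPorts = [ localCfg.mitmPort ];
    };
  };
}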