{
  config,
  lib,
  ...
}: let
  inherit (lib.options) mkOption;
  inherit (lib.modules) mkOptionDefault;
  cfg = config.services.keycloak;
in {
  options.services.keycloak = with lib.types; {
    protocol = mkOption {
      type = enum ["http" "https"];
      readOnly = true;
    };
    port = mkOption {
      type = port;
      readOnly = true;
    };
  };
  config.services.keycloak = {
    protocol = mkOptionDefault (
      if cfg.sslCertificate != null
      then "https"
      else "http"
    );
    port = mkOptionDefault cfg.settings."${cfg.protocol}-port";
  };
}