# Optional Pi-hole deployment: when the enable flag is set, a sops-managed
# password file is rendered on the host and a declarative NixOS container
# running pihole-web, pihole-ftl and unbound is started on a private veth link.
{ config, lib, ... }:

let
  inherit (lib) mkIf mkOption types;

  # Shorthand for this module's own option subtree.
  cfg = config.sysconfig.opts.virtualization.pihole;
in
{
  options.sysconfig.opts.virtualization.pihole = {
    # Boolean switch for everything below; off unless explicitly enabled.
    enable = mkOption {
      type = types.bool;
      default = false;
    };
  };

  config = mkIf cfg.enable {
    sops = {
      # Declares the secret so that a placeholder for it exists.
      secrets."pihole/pass" = { };

      # Renders the admin password into an env-style file on the host.
      # Owner and mode are not set here, so the sops defaults apply.
      # NOTE(review): nothing in this module bind-mounts or otherwise passes
      # /ssd1/Pihole/.env into the container below, so from this file alone
      # the rendered password does not reach pihole-web / pihole-ftl. Confirm
      # where the web password is actually set; if this file has no consumer
      # it is only an extra plaintext copy of the secret on disk.
      templates."pihole.env" = {
        content = ''
          WEBPASSWORD=${config.sops.placeholder."pihole/pass"}
        '';
        path = "/ssd1/Pihole/.env";
      };
    };

    containers.pihole = {
      autoStart = true;

      # Own network namespace; the two addresses are the host and container
      # ends of the link. No forwarding or NAT is configured in this module.
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.28";

      config = {
        # Admin UI is exposed on TCP 80 inside the container, with no TLS
        # port listed anywhere in this file.
        # NOTE(review): "80r" presumably carries a redirect suffix; with no
        # TLS listener configured here, confirm what it redirects to and
        # whether the login is meant to travel over plain HTTP.
        networking.firewall.allowedTCPPorts = [ 80 ];
        services.pihole-web = {
          enable = true;
          ports = [ "80r" ];
        };

        # openFirewallDNS opens the container firewall for DNS, so every
        # network that can route to localAddress can query this resolver.
        services.pihole-ftl = {
          enable = true;
          openFirewallDNS = true;
        };

        # NOTE(review): unbound runs with default settings and nothing here
        # points pihole-ftl at it or moves either service off the default
        # DNS port; confirm the two do not compete for port 53.
        services.unbound.enable = true;

        system.stateVersion = "24.05";
      };
    };
  };
}