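# NixOS module: opt-in Pi-hole stack (docker-compose project under /ssd1/Pihole)
# plus an Unbound recursive resolver running in a declarative NixOS container.
{ config, lib, pkgs, ... }:
{
  options.sysconfig.opts.virtualization.pihole.enable = lib.options.mkOption {
    type = lib.types.bool;
    default = false;
    description = "Run the Pi-hole docker-compose project and the Unbound resolver container.";
  };

  config = lib.mkIf config.sysconfig.opts.virtualization.pihole.enable {
    # Render the web-UI password from the sops secret "pihole/pass" into an
    # env file inside the compose project directory (presumably consumed by
    # the compose file there; it is not visible in this module).
    # NOTE(review): this places the decrypted password on /ssd1 rather than in
    # the sops-nix runtime directory. Confirm that /ssd1/Pihole is not
    # world-readable and is excluded from backups and snapshots.
    sops.templates."pihole.env" = {
      content = ''
        WEBPASSWORD=${config.sops.placeholder."pihole/pass"}
      '';
      path = "/ssd1/Pihole/.env";
      # Explicitly owner-read-only so the secret's permissions do not depend
      # on the template default.
      mode = "0400";
    };

    # Runs `docker-compose up` in the foreground from the project directory,
    # so the unit stays active for as long as the stack is up.
    systemd.services.launchPihole = {
      enable = true;
      wantedBy = [ "multi-user.target" ];
      script = ''
        cd /ssd1/Pihole
        ${pkgs.docker-compose}/bin/docker-compose up
      '';
    };

    containers.unbound = {
      autoStart = true;
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.15";

      config = {
        services.unbound = {
          enable = true;
          settings = {
            server = {
              # NOTE(review): with privateNetwork = true the container has its
              # own network namespace, so a listener on 127.0.0.1 is reachable
              # only from inside the container. If Pi-hole on the host is meant
              # to use this resolver via 192.168.100.15, the listener, an
              # access-control entry limited to the host address, and the
              # container firewall would all need to be set. Confirm intent.
              interface = [ "127.0.0.1" ];
              port = 5335;

              # Transport selection. unbound.conf spells these do-ip4 / do-ip6 /
              # prefer-ip6; the previous do-ipv4 / do-ipv6 / perfer-ipv6 keys are
              # not valid options, and Unbound rejects a config with unknown keys.
              do-ip4 = "yes";
              do-udp = "yes";
              do-tcp = "yes";
              do-ip6 = "no";
              prefer-ip6 = "no";

              # Only trust glue records that fall within the server's authority.
              harden-glue = "yes";
              # Treat answers for trust-anchored zones that lack DNSSEC data as bogus.
              harden-dnssec-stripped = "yes";
              # 0x20 query-name case randomisation stays off.
              use-caps-for-id = "no";

              # 1232 bytes keeps UDP responses below common fragmentation limits.
              edns-buffer-size = 1232;
              prefetch = "yes";
              num-threads = 1;
              so-rcvbuf = "1m";

              # DNS-rebinding protection: strip private and link-local addresses
              # from answers for public names.
              private-address = [
                "192.168.0.0/16"
                "169.254.0.0/16"
                "172.16.0.0/12"
                "10.0.0.0/8"
                "fd00::/8"
                "fe80::/10"
              ];
            };
          };
        };
      };
    };
  };
}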