# NixOS module: recursive DNS for the router, implemented with unbound.
#
# Declares `services.router.recursiveDns` and, when enabled, configures
# `services.unbound` to listen on loopback and the router's internal address.
# When the router's DHCP service is enabled as well, lookups for the local
# domain and its reverse zone are forwarded to a DNS server on
# 127.0.0.1:<dhcp.localDnsPort>.
{ config, lib, pkgs, ... }:

let
  inherit (lib)
    concatStringsSep
    mkEnableOption
    mkIf
    mkOption
    reverseList
    splitString
    take
    types;

  routerCfg = config.services.router;
  dhcpCfg = routerCfg.dhcp;
  cfg = routerCfg.recursiveDns;

  # Reverse-lookup zone label: the first three octets of the network ID in
  # reverse order, e.g. "192.168.0.0" -> "0.168.192".
  # NOTE(review): taking exactly three octets corresponds to a /24 network.
  # internalPrefixLength is not consulted here, so with any other prefix
  # length the reverse zone and the allowedAccess range below describe
  # different address sets. Confirm that only /24 LANs are intended.
  reverseZone =
    let
      octets = splitString "." cfg.networkIdIp;
    in
    concatStringsSep "." (reverseList (take 3 octets));

  # LAN range in CIDR form, used for the resolver's access control.
  lanCidr = "${cfg.networkIdIp}/${toString routerCfg.internalPrefixLength}";
in
{
  options.services.router.recursiveDns = {
    enable = mkEnableOption "router recursive dns service";

    networkIdIp = mkOption {
      type = types.str;
      example = "192.168.0.0";
      description = ''
        Network ID IP of local network.
      '';
    };
  };

  config = mkIf cfg.enable {
    services.unbound = {
      enable = true;

      # Listen on loopback and on the router's internal address only.
      # internalRouterIP is defined outside this file; presumably it is the
      # LAN-side address, so the resolver is not bound to the uplink.
      interfaces = [ "127.0.0.1" routerCfg.internalRouterIP ];

      # Recursion is offered to loopback clients and to the LAN range; all
      # other source addresses fall under unbound's default access policy.
      # The loopback entry is a /24, i.e. 127.0.0.0-127.0.0.255, not the
      # whole 127.0.0.0/8 block.
      allowedAccess = [ "127.0.0.0/24" lanCidr ];

      # Forwarding of local names, emitted only when router DHCP is enabled.
      #  * do-not-query-localhost: no - unbound refuses to query localhost by
      #    default; the forwarders below live on 127.0.0.1.
      #  * private-domain - exempts these names from private-address
      #    filtering, so answers may carry private LAN addresses (this only
      #    matters where private-address is configured).
      #  * domain-insecure - switches DNSSEC validation off for the local
      #    domain and the reverse zone. Answers for them are accepted
      #    unsigned from whatever listens on 127.0.0.1:<localDnsPort>, so
      #    that port should only ever be served by the trusted local DNS.
      #  * local-zone ... transparent - lets lookups in the reverse zone fall
      #    through to the forward-zone rather than being answered locally.
      # localDomain, localDnsPort and networkIdIp are interpolated into the
      # unbound configuration text as-is; they are module options, not
      # runtime input.
      extraConfig = mkIf dhcpCfg.enable ''
        # Custom configuration (leave this note to assure indentation!)
          do-not-query-localhost: no
          private-domain: "${dhcpCfg.localDomain}."
          domain-insecure: "${dhcpCfg.localDomain}."
          private-domain: "${reverseZone}.in-addr.arpa."
          domain-insecure: "${reverseZone}.in-addr.arpa."
          local-zone: "${reverseZone}.in-addr.arpa" transparent
        forward-zone:
          name: "${dhcpCfg.localDomain}."
          forward-addr: 127.0.0.1@${toString dhcpCfg.localDnsPort}
        forward-zone:
          name: "${reverseZone}.in-addr.arpa."
          forward-addr: 127.0.0.1@${toString dhcpCfg.localDnsPort}
      '';
    };
  };
}