{ config, pkgs, lib, ... }:

with lib;

let
  # Version tagging
  adguardVersion = "latest";
  # Helper
  helper = import ../service-helper.nix { inherit config pkgs lib; };
  cfg = config.numbus-server.services.adguard;
  # Container config
  name = "adguard";
in

helper.mkPodmanService {
  inherit name;
  description = "AdGuard, feature-rich DNS service";
  defaultPort = "3000";
  scheme = "http";
  dataDirEnabled = false;
  startDelay = 10;
  dependencies = [
    "network.target"
  ];
  middlewares = [
    "secureHeaders"
  ];
  dirPermissions = [
    "100999:100 ${cfg.configDir}"
  ];

  composeText = ''
    services:
      adguardhome:
        image: adguard/adguardhome:${adguardVersion}
        container_name: adguard
        hostname: adguard
        network_mode: pasta
        user: '1000:1000'
        ports:
          - "${cfg.port}:3000/tcp"
          - "53:53/tcp"
          - "53:53/udp"
        volumes:
          - ${cfg.configDir}/work:/opt/adguardhome/work
          - ${cfg.configDir}/config:/opt/adguardhome/conf
        cap_add:
          - SYS_NICE
        security_opt:
          - no-new-privileges:true
        restart: unless-stopped
  '';
}