{ config, pkgs, lib, ... }:

with lib;

let
  # Version tagging
  adguardVersion = "latest";
  # Helper
  helper = import ./lib.nix { inherit config pkgs lib; };
  cfg = config.numbus.services.adguard;
  # Container config
  name = "adguard";
in

helper.mkPodmanService {
  inherit name;
  description = "AdGuard, feature-rich DNS service";
  pod = "false";
  defaultPort = "3000";
  scheme = "http";
  dependencies = [ "network.target" ];
  dataDirEnabled = false;
  startDelay = 10;
  middlewares = [ "secureHeaders" ];
  dirPermissions = [
    "100999:100 ${cfg.configDir}"
  ];

# Compose file good
  composeText = ''
    services:
      adguardhome:
        image: adguard/adguardhome:${adguardVersion}
        container_name: adguard
        hostname: adguard
        network_mode: pasta
        user: '1000:1000'
        ports:
          - "3000:3000/tcp"
          - "53:53/tcp"
          - "53:53/udp"
        volumes:
          - ${cfg.configDir}/work:/opt/adguardhome/work
          - ${cfg.configDir}/config:/opt/adguardhome/conf
        cap_add:
          - SYS_NICE
        security_opt:
          - no-new-privileges:true
        restart: unless-stopped
  '';
}