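{ currentSystem, nodes, config, lib, pkgs, ... }:
# Authoritative DNS served by BIND. Zone records are collected from the
# `dns.zones` option of every host in `nodes`, merged into `dns.allZones`
# and rendered to zone files with pkgs.dns (nix-dns).
let
  cfg = config.dns;
in
{
  options.dns = {
    enable = lib.mkEnableOption "nix-powered DNS";

    # DNS entries defined on the local host only.
    zones = lib.mkOption {
      type = lib.types.attrsOf pkgs.dns.lib.types.subzone;
      default = {};
      description = "Zone records contributed by this host.";
    };

    # DNS entries of the local host and of every remote host, merged together.
    allZones = lib.mkOption {
      type = lib.types.attrsOf pkgs.dns.lib.types.zone;
      default = {};
      description = "Zone records of all hosts in `nodes`, merged; filled in by this module and normally not set by hand.";
    };

    # Zones not generated by nix-dns, for example secondaries.
    extraZones = lib.mkOption {
      type = lib.types.listOf lib.types.attrs;
      default = [];
      description = "Additional services.bind.zones entries, appended verbatim.";
    };

    # Clients allowed to request zone transfers (AXFR/IXFR) of the generated
    # zones. The default keeps the previous behaviour (any client); restrict it
    # to the addresses of the secondaries where possible, since an open
    # transfer ACL hands out the complete zone to anyone who asks for it.
    transferAllowed = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ "any" ];
      description = "BIND ACL entries permitted to transfer the generated zones.";
    };
  };

  config = lib.mkIf cfg.enable {
    # Authoritative DNS is reachable on every interface; recursion policy is
    # left to services.bind's own defaults.
    networking.firewall.allowedTCPPorts = [ 53 ];
    networking.firewall.allowedUDPPorts = [ 53 ];

    # Serve the records defined in every host configuration.
    dns.allZones = lib.mkMerge (lib.mapAttrsToList (_: host: host.config.dns.zones) nodes);

    # BIND's working directory must exist and belong to the `named` user
    # before the service starts.
    systemd.services.bind.preStart = ''
      mkdir -p /var/lib/bind
      chown named /var/lib/bind
    '';

    services.bind = {
      enable = true;
      zones =
        lib.mapAttrsToList (name: zone: {
          inherit name;
          master = true;
          slaves = cfg.transferAllowed;
          # NOTE(review): writeZone presumably yields a Nix store path, which is
          # world-readable on the host — keep secrets (e.g. TSIG material) out
          # of zone data; confirm against pkgs.dns.
          file = pkgs.dns.util."${currentSystem}".writeZone name zone;
        }) cfg.allZones
        ++ cfg.extraZones;
    };
  };
}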