{ config, lib, ... }:
{
  services = {
    adguardhome = {
      enable = true;
      openFirewall = false;
      mutableSettings = false;

      settings = {
        http = {
          address = "127.0.0.1:3000";
        };

        dns = {
          bind_hosts = [ "127.0.0.1" ];
          port = 53;

          upstream_dns = [
            "9.9.9.9"
            "149.112.112.112"
          ];
          fallback_dns = [
            "1.1.1.1"
            "1.0.0.1"
          ];
          bootstrap_dns = [
            "9.9.9.9"
            "149.112.112.112"
          ];
        };

        filtering = {
          rewrites = [
            # searxng
            {
              domain = "search.internal";
              answer = "127.0.0.1";
            } 
            # adguard
            {
              domain = "dns.internal";
              answer = "127.0.0.1";
            } 
          ];
        };
      };
    };

    nginx ={
			enable = true;
	    recommendedGzipSettings = true;
	    recommendedOptimisation = true;
	    recommendedProxySettings = true;

      virtualHosts = {
        "dns.internal" = {
          locations."/" = {
            proxyPass = "http://127.0.0.1:3000";
            proxyWebsockets = true;
          };
        };
      };
    };
  };

  networking = {
    nameservers = [
      "127.0.0.1"
    ];

    hosts = {
      "127.0.0.1" = [
        "dns.internal"
        "search.internal"
      ];
    };
  };
}