# DNS configuration for the instance's local domain.
#
# Contributes `fudo.dns` settings only when the local domain declares a
# primary nameserver. The service is enabled, and given listen addresses,
# only on the host named as that primary nameserver; every other host gets
# `enable = false` and an empty `listen-ips` list.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf optional optionals;

  local-host = config.instance.hostname;
  domain-name = config.instance.local-domain;
  domain-cfg = config.fudo.domains.${domain-name};

  # Name of the host designated as primary nameserver (null when the domain
  # is not served at all).
  ns-host = domain-cfg.primary-nameserver;
  has-nameserver = ns-host != null;
  runs-nameserver = local-host == ns-host;

  # Only forced inside the mkIf below, i.e. when ns-host is non-null.
  ns-ipv4 = pkgs.lib.network.host-ipv4 config ns-host;

  # SRV targets for the DNS service itself: ns1.<domain> on port 53.
  ns1-fqdn = "ns1.${domain-name}";
  dns-srv-targets = [{
    port = 53;
    host = ns1-fqdn;
  }];

  base-zone = config.fudo.zones.${domain-name};

in {
  config = mkIf has-nameserver {
    fudo.dns = {
      enable = runs-nameserver;

      # NOTE(review): built from this host's own name rather than the `ns1`
      # alias. If the DNS service reports this value to clients it discloses
      # the internal host name -- confirm against the fudo.dns module.
      identity = "${local-host}.${domain-name}.";

      nameservers = {
        ns1 = {
          ipv4-address = ns-ipv4;
          description = "Primary ${domain-name} nameserver";
        };
      };

      # NOTE(review): binds every address host-ips returns for this host.
      # Confirm that set excludes interfaces that should not answer DNS.
      listen-ips =
        optionals runs-nameserver (pkgs.lib.network.host-ips config local-host);

      domains = {
        ${domain-name} = {
          # Zone signing is requested here; key handling is not visible in
          # this file.
          dnssec = true;
          default-host = ns-ipv4;
          gssapi-realm = domain-cfg.gssapi-realm;

          # Empty list when the domain has no primary mailserver.
          mx = optional (domain-cfg.primary-mailserver != null)
            domain-cfg.primary-mailserver;

          dmarc-report-address = "dmarc-report@${domain-name}";

          # `//` replaces attributes at the top level only, so any
          # `srv-records` already present in the zone definition are
          # discarded rather than merged.
          # NOTE(review): if config.fudo.zones.<domain> carries SRV records
          # for other services, they are dropped here -- confirm intended.
          zone-definition = base-zone // {
            srv-records = {
              tcp = { domain = dns-srv-targets; };
              udp = { domain = dns-srv-targets; };
            };
          };
        };
      };
    };
  };
}