{ config, pkgs, lib, ... }:

let 
  adguard_webui_port = 3031;
  adguard_dns_port = "5300";
  dnscrypt_listen_port = "5353";
in
{
  services = {
    dnsmasq = {
      enable = true;
      # adguard port
      servers = [ "127.0.0.1#${adguard_dns_port}" ];
      extraConfig = ''
        localise-queries
        min-cache-ttl=120
        max-cache-ttl=2400
      '';
    };

    adguardhome = {
      enable = true;
      port = adguard_webui_port;
    };

    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        listen_addresses = [ "127.0.0.1:${dnscrypt_listen_port}" ];
        ipv4_servers = true;
        ipv6_servers = false;
        block_ipv6 = true;
        dnscrypt_servers = true;
        doh_servers = true;
        require_nolog = true;
        require_nofilter = true;
        timeout = 350;
        lb_strategy = "p4";
        lb_estimator = true;
        ignore_system_dns = true;
        fallback_resolvers = [ "1.1.1.1:53" "9.9.9.9:53" ];
        cache_min_ttl = 450;
        cache_max_ttl = 2400;
      };
    };
  };
}