{ config, pkgs, lib, ... }:

{
  services = {
    dnsmasq = {
      enable      = true;
      servers     = ["127.0.0.1#5353"];
      extraConfig = ''
            localise-queries
            min-cache-ttl=120
            max-cache-ttl=2400
            addn-hosts=/etc/adblock_hosts
      '';
    };

    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        listen_addresses   = ["127.0.0.1:5353"];
        ipv4_servers       = true;
        ipv6_servers       = false;
        block_ipv6         = true;
        dnscrypt_servers   = true;
        doh_servers        = true;
        require_nolog      = true;
        require_nofilter   = true;
        timeout            = 350;
        lb_strategy        = "p4";
        lb_estimator       = true;
        ignore_system_dns  = true;
        fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
        cache_min_ttl = 450;
        cache_max_ttl = 2400;
      };
    };
  };

  systemd = {
    timers.update-adblock = {
      wantedBy = [ "timers.target" ];
      partOf = [ "update-adblock.service" ];
      timerConfig.OnCalendar = "daily";
    };

    services.update-adblock = {
      serviceConfig.Type = "oneshot";
      requiredBy = [ "dnsmasq.service" ];
      postStop = "systemctl restart dnsmasq";
      script = ''
      #!/bin/sh

        EASYLIST_HOSTSNAME="easylist_hosts.txt"
        EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt"
        STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt"

        get_easylist() {
        EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt"

        tmpfile=`mktemp`

    # download easylist
        ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile

    # remove IP addresses and prepend 0.0.0.0 to create hosts file
        cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME

        rm $tmpfile
        }

        get_easyprivacy() {
        EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt"

        tmpfile=`mktemp`

    # download easylist
        ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile

    # remove IP addresses and prepend 0.0.0.0 to create hosts file

        cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME

        rm $tmpfile
        }

        get_stevenblack() {
        STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts"

        ${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME
        }


        get_easylist
        get_easyprivacy
        get_stevenblack


# create unified file

        cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts

        rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME $EASYPRIVACY_HOSTSNAME

      '';
    };
  };
}