# Split-horizon DNS for the architect host, served by CoreDNS.
#
# For every vhost name and every interface listed in its `dnsInterfaces`, one
# CoreDNS server block is emitted. The block is gated by the `view` plugin so
# that only clients whose source address lies inside that interface's network
# get the answer, and the answer is the architect device's address on that
# same network. Everything else is handled by the catch-all `.` block, which
# caches and forwards to two fixed upstream resolvers.
#
# The module also registers the vhost that fronts the AdGuard Home web UI.
#
# NOTE(review): the catch-all `.` block carries no `view` or `acl`, so any
# client that can reach the CoreDNS listener gets recursion through `forward`.
# Whether that is limited to the LAN and the tailnet depends on firewall/bind
# settings that are not visible in this file; confirm port 53 is not
# reachable from untrusted networks.
#
# NOTE(review): a query for a vhost name from a client outside every listed
# network matches none of the views; it presumably falls through to the `.`
# block and is sent upstream. Verify that this is the intended behaviour.
{ config, lib, ... }:

let
  inherit (lib) concatMapStrings concatStrings mapAttrsToList;

  networks = config.architect.networks;

  # Hostname under which the AdGuard Home web UI is published.
  domain = "adguard.giugl.io";

  # All configured vhosts plus one extra name that has no vhost entry of its
  # own but still needs split-horizon answers on both networks.
  allDomains = config.architect.vhost // {
    "architect.devs.giugl.io" = {
      dnsInterfaces = [ "lan" "tailscale" ];
    };
  };

  # Corefile server block for one (name, interface) pair.
  #
  # `name`, the interface's network and the device address are pasted into
  # the Corefile without any escaping, so a value containing whitespace,
  # quotes, braces or a newline would change the structure of the generated
  # file. These values come from the system configuration, not from DNS
  # clients; presumably the option types defined elsewhere constrain them.
  # TODO confirm.
  #
  # `log` records the queries handled by this block.
  #
  # The backslashes in the HTTPS answer are kept verbatim by Nix ('' strings
  # have no backslash escapes) and reach the Corefile as \" inside the quoted
  # answer.
  viewBlock = name: iface:
    let
      net = networks.${iface};
      clientCidr = net.net;
      answerAddr = net.devices.architect.address;
    in
    ''
      ${name} {
        view ${iface} {
          expr incidr(client_ip(), '${clientCidr}')
        }
        template IN A ${name} {
          answer "${name}. 60 IN A ${answerAddr}"
        }
        template IN HTTPS ${name} {
          answer "${name}. 60 IN HTTPS 1 . ipv4hint=\"${answerAddr}\""
        }
        cache
        log
      }
    '';

  # All server blocks of one vhost: one per interface in `dnsInterfaces`.
  # Evaluation fails if an entry has no `dnsInterfaces` attribute.
  blocksForDomain = name: conf:
    concatMapStrings (viewBlock name) conf.dnsInterfaces;

  # Concatenated server blocks for an attrset of name -> vhost config.
  generateCoreDNSConfig = domains:
    concatStrings (mapAttrsToList blocksForDomain domains);
in
{
  # AdGuard Home web UI. `allowLan` and `allow` are options of the
  # architect.vhost module, which is not visible here; presumably they limit
  # the proxy to LAN and tailnet clients. Verify, since this is an
  # administrative interface.
  architect.vhost.${domain} = {
    dnsInterfaces = [ "tailscale" "lan" ];
    locations."/" = {
      port = config.services.adguardhome.port;
      allowLan = true;
      allow = [ networks.tailscale.net ];
    };
  };

  services.coredns = {
    enable = true;
    # The upstreams are given as bare IP addresses, so `forward` talks plain
    # DNS to them: queries leave the host unencrypted and unauthenticated.
    # If the upstream offers DNS-over-TLS, `forward` accepts tls:// upstreams
    # together with `tls_servername`.
    config = ''
      ${generateCoreDNSConfig allDomains}
      . {
        cache
        forward . 45.90.28.77 45.90.30.77
      }
    '';
  };
}