{ pkgs, inputs, ... }:
let
  adlist = inputs.adblock-unbound.packages.${pkgs.system};
in {
  networking.firewall.allowedUDPPorts = [ 53 ];
  networking.firewall.allowedTCPPorts = [ 53 ];

  services.unbound = {
    enable = true;
    settings = {
      server = {
        include = [
          "\"${adlist.unbound-adblockStevenBlack}\""
        ];
        interface = [ "0.0.0.0" ];
        access-control = [ "192.168.178.0/24 allow" ];
        local-zone = [
          "\"b12f.io\" static"
          "\"local\" static"
          "\"box\" static"
        ];
        local-data = [
          "\"backup.b12f.io. 10800 IN A 192.168.178.3\""
          "\"pie.local. 10800 IN A 192.168.178.2\""
          "\"fritz.box. 10800 IN A 192.168.178.1\""
        ];
      };
      forward-zone = [
        {
          name = ".";
          forward-addr = [
            "9.9.9.9@53#quad9"
            "2620:fe::fe@53#quad9"
          ];
          forward-tls-upstream = "no";
        }
      ];
    };
  };

}