{config, lib, pkgs, modulesPath, ...}:

{
  services.crab-hole = {
    enable = true;
    settings = {
      api = {
	port = 8080;
	listen = "192.168.0.101";
	# optional (default = false)
	show_doc = true; # OpenAPI doc loads content from third party websites
	# optional
	admin_key = "admin";
      };
    };

    settings = {
      blocklist = {
        include_subdomains = true;
        lists = [
          #"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts"
          "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
          "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt"
	  "https://energized.pro/nsfw/hosts.txt"
          "https://energized.pro/antipopads-re/hosts.txt"
        ];
      };

      downstream = [
        {
          protocol = "udp";
          listen = "192.168.0.101";
          port = 53;
        }
      ];

      upstream = {
	validate = true;
        name_servers = [
          {
            socket_addr = "9.9.9.11:853";
            protocol = "tls";
            tls_dns_name = "tls://dns11.quad9.net";
            trust_nx_responses = false;
          }
        ];
      };
    };
  };

}