{ pkgs, lib, ... }:
/*
  TODO: Eventually, when my proxy/DNS/VPN mess is working like I want.
  This should be switched to service.adguard  not a container
*/
{
  # Containers
  virtualisation.oci-containers.containers."adguard-adguard" = {
    image = "adguard/adguardhome:latest";
    volumes = [
      "/etc/adguard/confdir:/opt/adguardhome/conf:rw"
      "/etc/adguard/workdir:/opt/adguardhome/work:rw"
      "/var/lib/acme:/opt/adguardhome/work/acme:ro"
    ];
    ports = [
      "53:53/tcp"
      "53:53/udp"
      "853:853/tcp"
      "3000:3000/tcp"
    ];
    log-driver = "journald";
    extraOptions = [
      "--network-alias=adguard"
      "--network=adguard_default"
    ];
  };
  systemd.services."docker-adguard-adguard" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "always";
      RestartMaxDelaySec = lib.mkOverride 90 "1m";
      RestartSec = lib.mkOverride 90 "100ms";
      RestartSteps = lib.mkOverride 90 9;
    };
    after = [
      "docker-network-adguard_default.service"
    ];
    requires = [
      "docker-network-adguard_default.service"
    ];
    partOf = [
      "docker-compose-adguard-root.target"
    ];
    wantedBy = [
      "docker-compose-adguard-root.target"
    ];
  };

  # Networks
  systemd.services."docker-network-adguard_default" = {
    path = [ pkgs.docker ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStop = "docker network rm -f adguard_default";
    };
    script = ''
      docker network inspect adguard_default || docker network create adguard_default
    '';
    partOf = [ "docker-compose-adguard-root.target" ];
    wantedBy = [ "docker-compose-adguard-root.target" ];
  };

  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."docker-compose-adguard-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
}