{ config, lib, ... }:

let
  # True when this machine runs AdGuard Home itself. The resolver list, the
  # DNS-over-TLS mode and the stub-listener setting below all key off this flag.
  isAdguardHost = config.services.adguardhome.enable;

  # Glob patterns for wired NICs; used as the match rule of the "10-lan" network.
  interfaces = {
    eth = [
      "enp*"
      "eth*"
    ];
  };

  # Loopback resolvers, selected when isAdguardHost is true.
  nameservers.local = [
    "127.0.0.1"
    "::1"
  ];

  # Resolvers for every other host, written as `address#name`.
  # systemd-resolved treats the part after `#` as the TLS server name, so with
  # strict DNS-over-TLS the certificate must match dns.felschr.com.
  # NOTE(review): presumably these reach resolved's DNS= via
  # networking.nameservers; confirm on the target NixOS release.
  nameservers.remote = [
    # LAN
    "192.168.1.102#dns.felschr.com"
    "fd1c:ca95:d74d::102#dns.felschr.com"

    # Tailnet
    "100.97.32.60#dns.felschr.com"
    "fd7a:115c:a1e0::a0a1:203c#dns.felschr.com"
  ];
in
{
  networking = {
    # The AdGuard Home host resolves through loopback; every other host uses
    # the remote resolver list.
    nameservers =
      if isAdguardHost
      then nameservers.local
      else nameservers.remote;

    # Search domains tried for unqualified host names.
    search = [
      "lan"
      "tail05275.ts.net"
    ];

    nftables.enable = true;

    # Hands NetworkManager's DNS handling to systemd-resolved, so the
    # resolved settings in this module remain the single resolver policy.
    # NOTE(review): NetworkManager itself is not enabled in this file.
    networkmanager.dns = "systemd-resolved";
  };

  systemd.network.enable = true;

  # The tailscale0 interface is excluded from the wait-online check.
  systemd.network.wait-online.ignoredInterfaces = [ "tailscale0" ];

  # Wired interfaces are configured via DHCP (IPv4 and IPv6).
  # NOTE(review): a DHCP lease can carry DNS servers, which networkd passes to
  # resolved as per-link resolvers next to the global ones. If only the pinned
  # DNS-over-TLS resolvers should be used, confirm whether the link needs
  # dhcpV4Config.UseDNS = false (and the IPv6 equivalents).
  systemd.network.networks."10-lan" = {
    matchConfig.Name = interfaces.eth;
    networkConfig.DHCP = "yes";
  };

  services = {
    dnsmasq.enable = false;

    resolved = {
      enable = true;

      # "true" is strict mode: queries go out over TLS only, and resolution
      # fails rather than falling back to plaintext. "opportunistic" tries TLS
      # and falls back to plaintext, so it can be downgraded. On the AdGuard
      # host the configured upstream is loopback, which keeps that fallback
      # on the machine.
      dnsovertls = if isAdguardHost then "opportunistic" else "true";

      # Consulted by resolved only when no other DNS server is known.
      # NOTE(review): on the AdGuard host these would also be queried in
      # opportunistic mode, i.e. possibly in plaintext. Confirm that is
      # acceptable.
      fallbackDns = [
        "194.242.2.2#dns.mullvad.net"
        "194.242.2.4#base.dns.mullvad.net"
        "1.1.1.1#one.one.one.one"
        "1.0.0.1#one.one.one.one"
      ];

      # Turns off resolved's local stub listener on the AdGuard host,
      # presumably so AdGuard Home can bind port 53 itself.
      extraConfig = lib.mkIf isAdguardHost ''
        DNSStubListener=no
      '';
    };
  };
}