{ pkgs, ... }:

let
  stateDir = "/var/lib/dnsmasq";
in
{
  services.dnsmasq = {
    enable = true;
    settings = {
      listen-address = "192.168.42.1";
      interface = "lo";
      expand-hosts = true;
      domain = "lan.bw.jalr.de";
      dhcp-range = "192.168.42.20,192.168.42.254,4h";
      cache-size = 10000;
      dns-forward-max = 1000;
      no-hosts = true;
      dhcp-host = [
        "00:30:42:1b:23:ed,192.168.42.59,rfp-01"
      ];
      dhcp-option = [
        "vendor:OpenMobility,10,192.168.42.59"
        "vendor:OpenMobility,224,OpenMobilitySIP-DECT"
      ];
      addn-hosts = "${pkgs.writeText "hosts.dnsmasq" ''
        192.168.42.1 aluminium unifi
      ''}";
      server = [
        "142.250.185.78" # dns.as250.net
        "2001:470:20::2" # ordns.he.net
        "74.82.42.42" # ordns.he.net
      ];
    };
  };

  networking.firewall = {
    allowedUDPPorts = [ 53 67 ];
    allowedTCPPorts = [ 53 ];
  };
}