{ config, pkgs, lib, ...}:

{
  networking.firewall.interfaces.ens19.allowedUDPPorts = [ 53 ];
  services.coredns = {
    enable = true;
    config = ''
      .:53 {
        log
        cache
        unbound
      }
    '';
    package = lib.fix (self: (pkgs.buildGoModule {
      inherit (pkgs.coredns) pname version src postPatch;

      patches = pkgs.coredns.patches or [ ] ++ [
        ./coredns-unbound.patch
      ];

      buildInputs = [ pkgs.unbound ];

      vendorSha256 = "sha256-48S1oT+5uT6d+AM8u93AOTbJkW3CLtaowGv+th3cfyM=";

      preBuild = ''
        go generate

        postInstall () {
          cp go.mod $out
        }
      '';

    }).overrideAttrs(old: {
      preBuild = ''
        cp ${self.passthru.go-modules}/go.mod .
        go generate
      '';
    }));
  };
}