{ config, lib, ... }:
with lib; let
  inherit (config.local.ns.server) tsigName;
  inherit (config.local.nets) gate-public;
in
{
  options.local.ns.zones = mkOption {
    type = with lib.types; attrsOf (submodule ({ config, name, ... }:
      let
        cfg = config.localNS;
      in
      {
        options.localNS = {
          enable = mkEnableOption "local NS settings";

          primary = mkOption {
            type = str;
            default = "ns1";
          };
        };

        config = mkIf cfg.enable {
          # https://docs.gandi.net/en/domain_names/advanced_users/secondary_nameserver.html
          nsdConfig =
            let
              providerSecondary = [
                "37.205.15.45 ${tsigName}" # ns3.vpsfree.cz
                "37.205.11.85 ${tsigName}" # ns4.vpsfree.cz
                "2a03:3b40:fe:2be::1 ${tsigName}" # ns3.vpsfree.cz
                "2a03:3b40:101:4::1 ${tsigName}" # ns4.vpsfree.cz
              ];
            in
            {
              notify = providerSecondary;
              provideXFR = providerSecondary;
            };

          ns = [
            { name = "@"; host = cfg.primary; }
            { name = "@"; host = "ns3.vpsfree.cz."; }
            { name = "@"; host = "ns4.vpsfree.cz."; }
          ];

          a = [
            { name = cfg.primary; ipv4 = gate-public.hosts.gate.v4.address; }
          ];

          aaaa = [
            { name = cfg.primary; ipv6 = gate-public.hosts.gate.v6.address; }
          ];
        };
      }));
  };
}