{
  utils,
  globals,
  config,
  lib,
  ...
}: {
  options.dnsmasq.enable = lib.mkEnableOption "dnsmasq";

  config = lib.mkIf config.dnsmasq.enable {
    kubernetes.resources = {
      deployments.dnsmasq.spec = {
        selector.matchLabels.app = "dnsmasq";

        template = {
          metadata.labels.app = "dnsmasq";

          spec.containers.dnsmasq = {
            image = utils.mkNixNGImage "dnsmasq";
            imagePullPolicy = "Always";

            ports.dns = {
              containerPort = 53;
              protocol = "UDP";
            };
          };
        };
      };

      services.dnsmasq.spec = {
        loadBalancerIP = globals.dnsmasqIPv4;
        type = "LoadBalancer";
        selector.app = "dnsmasq";

        ports.dns = {
          port = 53;
          targetPort = "dns";
          protocol = "UDP";
        };
      };
    };
  };
}