{ myLib, dns, ... }:
let
  kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix myLib dns);
in
{
  kubernetes.resources = {
    configMaps = {
      bind9-env.data.TZ = "Europe/Amsterdam";

      bind9-config.data = {
        # TODO: this was copied from nix's generated bind config
        # Is there a way to generate this without actually running the nixos module?
        config = ''
          acl cachenetworks {  127.0.0.0/24;  };
          acl badnetworks {  };

          options {
            listen-on {  any;  };
            listen-on-v6 {  any;  };
            allow-query { cachenetworks; };
            blackhole { badnetworks; };
            forward first;
            forwarders {  };
            directory "/run/named";
            pid-file "/run/named/named.pid";
            allow-transfer { none; };
            allow-recursion { none; };
            version none;
            notify no;
          };

          zone "kun.is" {
            type master;
            file "/etc/bind/kun.is.zone";
            allow-transfer {  };
            allow-query { any; };
          };
        '';

        kunis-zone = kunisZone;
      };
    };

    deployments.bind9 = {
      metadata.labels.app = "bind9";

      spec = {
        selector.matchLabels.app = "bind9";

        template = {
          metadata.labels.app = "bind9";

          spec = {
            containers = {
              bind9-udp = {
                image = "ubuntu/bind9:9.18-22.04_beta";
                envFrom = [{ configMapRef.name = "bind9-env"; }];

                ports.dns-udp = {
                  containerPort = 53;
                  protocol = "UDP";
                };

                volumeMounts = [
                  {
                    name = "config";
                    mountPath = "/etc/bind/named.conf";
                    subPath = "config";
                  }
                  {
                    name = "config";
                    mountPath = "/etc/bind/kun.is.zone";
                    subPath = "kunis-zone";
                  }
                ];
              };

              bind9-tcp = {
                image = "ubuntu/bind9:9.18-22.04_beta";
                envFrom = [{ configMapRef.name = "bind9-env"; }];

                ports.dns-tcp = {
                  containerPort = 53;
                  protocol = "TCP";
                };

                volumeMounts = [
                  {
                    name = "config";
                    mountPath = "/etc/bind/named.conf";
                    subPath = "config";
                  }
                  {
                    name = "config";
                    mountPath = "/etc/bind/kun.is.zone";
                    subPath = "kunis-zone";
                  }
                ];
              };
            };

            volumes = [{
              name = "config";
              configMap.name = "bind9-config";
            }];
          };
        };
      };
    };

    services = {
      bind9-udp = {
        metadata.annotations = {
          "metallb.universe.tf/loadBalancerIPs" = "${myLib.globals.bind9IPv4},${myLib.globals.bind9Ipv6}";
          "metallb.universe.tf/allow-shared-ip" = "dns";
        };

        spec = {
          type = "LoadBalancer";
          selector.app = "bind9";
          ipFamilies = [ "IPv4" "IPv6" ];
          ipFamilyPolicy = "RequireDualStack";

          ports.dns = {
            port = 53;
            targetPort = "dns-udp";
            protocol = "UDP";
          };
        };
      };

      bind9-tcp = {
        metadata.annotations = {
          "metallb.universe.tf/loadBalancerIPs" = "${myLib.globals.bind9IPv4},${myLib.globals.bind9Ipv6}";
          "metallb.universe.tf/allow-shared-ip" = "dns";
        };

        spec = {
          type = "LoadBalancer";
          selector.app = "bind9";
          ipFamilies = [ "IPv4" "IPv6" ];
          ipFamilyPolicy = "RequireDualStack";

          ports.dns = {
            port = 53;
            targetPort = "dns-tcp";
            protocol = "TCP";
          };
        };
      };
    };
  };
}