{
  kubernetes.resources = {
    # TODO: generate this with nix?
    configMaps.dnsmasq-config.data.config = ''
      address=/kms.kun.is/192.168.30.129
      address=/ssh.git.kun.is/192.168.30.132
      alias=192.145.57.90,192.168.30.128
      expand-hosts
      host-record=hermes.dmz,192.168.30.135
      local=/dmz/
      log-queries
      no-hosts
      no-resolv
      port=53
      server=192.168.30.1
      server=/kun.is/192.168.30.134
    '';

    deployments.dnsmasq = {
      metadata.labels.app = "dnsmasq";

      spec = {
        selector.matchLabels.app = "dnsmasq";

        template = {
          metadata.labels.app = "dnsmasq";

          spec = {
            containers.dnsmasq = {
              image = "dockurr/dnsmasq:2.90";

              ports = [{
                containerPort = 53;
                protocol = "UDP";
              }];

              volumeMounts = [{
                name = "config";
                mountPath = "/etc/dnsmasq.conf";
                subPath = "config";
              }];
            };

            volumes = [{
              name = "config";
              configMap.name = "dnsmasq-config";
            }];
          };
        };
      };
    };

    services.dnsmasq.spec = {
      type = "LoadBalancer";
      loadBalancerIP = "192.168.30.135";
      selector.app = "dnsmasq";

      ports = [{
        port = 53;
        targetPort = 53;
        protocol = "UDP";
      }];
    };
  };
}