# NixOS module for the "pihole" host: a Proxmox LXC guest that runs Pi-hole
# as an OCI container and publishes DNS (53), the web UI (80/443) and DHCP (67).
{ inputs, pkgs, config, lib, ... }:
let
  # Name handed to the container for its web interface (used twice below).
  webHost = "pihole.hoki-porgy.ts.net";
in
{
  imports = [
    ../../templates/proxmox-lxc.nix
    ../../server.nix
    ../../features/podman.nix
    # ../../features/nginx.nix
  ];

  system.stateVersion = "24.05";
  nixpkgs.hostPlatform = "x86_64-linux";

  networking = {
    hostName = "pihole";

    # Host firewall allow-list: DNS over TCP/UDP plus the web UI ports.
    # NOTE(review): these ports are opened on every interface. The web host
    # name suggests access is meant to go over a tailnet; confirm that the
    # admin UI (80/443) and the resolver (53) are not reachable from
    # untrusted networks.
    # NOTE(review): the container also publishes 67/tcp+udp, which is not
    # listed here. Depending on how the container runtime installs its
    # forwarding rules, published ports may not be filtered by this
    # allow-list at all; verify actual reachability from outside the host.
    firewall = {
      allowedTCPPorts = [ 53 80 443 ];
      allowedUDPPorts = [ 53 ];
    };

    # The host's own resolver configuration is forced to Cloudflare's public
    # resolvers (IPv6 first, then IPv4), overriding values set elsewhere.
    nameservers = lib.mkForce [
      "2606:4700:4700::1111"
      "2606:4700:4700::1001"
      "1.1.1.1"
      "1.0.0.1"
    ];
  };

  # systemd-resolved is switched off, presumably so that port 53 on the host
  # stays free for the published Pi-hole listener.
  services.resolved.enable = false;

  # Disabled reverse proxy in front of the Pi-hole web UI, kept for reference.
  # services.nginx = {
  #   virtualHosts."pihole.hoki-porgy.ts.net" = {
  #     listen = [
  #       { addr = "0.0.0.0"; port = 443; ssl = true; }
  #       { addr = "[::]"; port = 443; ssl = true; }
  #     ];
  #     locations."/" = {
  #       recommendedProxySettings = true;
  #       proxyPass = "http://localhost:80";
  #     };
  #   };
  # };

  virtualisation.oci-containers.containers.pihole = {
    # NOTE(review): "nightly" is a mutable tag, so the image content can
    # change between pulls without any change to this file. For a
    # reproducible, reviewable deployment pin a release tag or a digest
    # (ghcr.io/pi-hole/pihole@sha256:<digest>).
    image = "ghcr.io/pi-hole/pihole:nightly";

    # host:container port mappings: DNS, web UI, DHCP.
    ports = [
      "53:53/tcp"
      "53:53/udp"
      "80:80/tcp"
      "443:443/tcp"
      "67:67/tcp"
      "67:67/udp"
    ];

    # Named volumes that keep Pi-hole and dnsmasq configuration across
    # container re-creation.
    volumes = [
      "etc-pihole:/etc/pihole"
      "etc-dnsmasq.d:/etc/dnsmasq.d"
    ];

    environment = {
      TZ = config.time.timeZone;
      VIRTUAL_HOST = webHost;
      PROXY_LOCATION = webHost;
      # NOTE(review): "all" asks dnsmasq to answer queries arriving on any
      # interface and from any origin. Together with port 53 being opened
      # above, this makes the host an open resolver if it is reachable from
      # the internet; restrict reachability at the network edge or confirm
      # the host only sits on trusted networks.
      DNSMASQ_LISTENING = "all";
    };

    extraOptions = [
      # Resolver order inside the container: Pi-hole itself, then 1.1.1.1.
      "--dns=127.0.0.1"
      "--dns=1.1.1.1"
      # NOTE(review): NET_ADMIN lets the container reconfigure networking in
      # its namespace. It is typically only needed when Pi-hole serves DHCP;
      # confirm DHCP is in use and drop the capability otherwise.
      "--cap-add=NET_ADMIN"
    ];
  };
}