{ lib, tools, ... }:

# upstream's zone generator is pretty bad, so...

# TODO: make this prettier

let
  inherit (tools.meta) domain;
  inherit (tools) nginx identity;

  externalSlave = { name, masters ? [ identity.dns.master.addr ], notify ? "no", alsoNotify ? [ "none" ] }: let
    zoneName = "${name}";
    file = "/var/named/slaves/ext_${zoneName}.db";
    mastersFormatted = builtins.concatStringsSep "; " masters;
    notifiersFormatted = builtins.concatStringsSep "; " alsoNotify;
  in ''
    zone "${zoneName}." IN {
      type slave;
      masters { ${mastersFormatted}; };
      file "${file}";
      allow-transfer { trusted; publicservers; };
      allow-query { any; };
      notify ${notify};
      also-notify { ${notifiersFormatted}; };
    };
  '';
  internalSlave' = domain: name: let
    zoneName  = "${name}${domain}";
    file = "/var/named/slaves/int_${zoneName}.db";
  in ''
    zone "${zoneName}." IN {
      type slave;
      masters { ${identity.dns.master.addr}; };
      file "${file}";
      allow-transfer { trusted; };
      allow-query { trusted; };
      notify no;
    };
  '';
  internalSlave = internalSlave' ".${domain}";
  revSlave = internalSlave' ".in-addr.arpa";
  toAttr = value: { inherit (value) name; inherit value; };
in
{
  services.bind.extraConfig = builtins.concatStringsSep "\n" ([
    (externalSlave { name = domain; notify = "explicit"; alsoNotify = [ "116.202.226.86" ]; })
    (externalSlave { name = "animus.com"; masters = [ "116.202.226.86" ]; })
  ] ++ map internalSlave [
    "virtual-machines"
    "core"
    "services"
    "ext"
    "int"
    "vpn"
    "find"
  ] ++ map revSlave [
    "0.10.10"
    "1.10.10"
    "2.10.10"
    "100.10"
  ] ++ map (internalSlave' "") [
    "void"
  ]);
}