{
  config,
  lib,
  pkgs,
  ...
}: {
  services.adguardhome = {
    enable = true;
    mutableSettings = false;
    settings = rec {
      http.address = "0.0.0.0:3200";
      dns = {
        bind_hosts = ["127.0.0.1" "192.168.1.230"];
        bootstrap_dns = ["9.9.9.9" "149.112.112.10"];
        ratelimit = 0;
        safe_search.enabled = true;
        rewrites = [
          {
            domain = "xenia.me.uk";
            answer = "192.168.1.230";
          }
          {
            domain = "*.xenia.me.uk";
            answer = "192.168.1.230";
          }
        ];
        blocked_services.ids = [];
      };
      filtering = {inherit (dns) safe_search rewrites blocked_services;};
      querylog.ignored = [
        "discovery.syncthing.net"
        "discovery-v6.syncthing.net"
        "matrix.tchncs.de"
      ];
      statistics = {inherit (querylog) ignored;};
    };
    openFirewall = true;
  };
  networking.firewall = {
    allowedTCPPorts = [53];
    allowedUDPPorts = [53];
  };
}