# NixOS module: runs Pi-hole as an OCI container on the host network and
# opens DNS (53/tcp, 53/udp) and the web UI (80/tcp) in the host firewall.
{ ... }:
let
  # Host directories created by systemd-tmpfiles before the container starts.
  # Only the parent directory is declared; the two bind-mount sources under it
  # (etc, etc-dnsmasq.d) are not. NOTE(review): confirm they exist, or that
  # the container backend in use creates missing bind-mount sources.
  stateDirs = [ "/opt/pihole/" ];

  # tmpfiles "d" rule: directory, mode 0755, owner and group "share".
  # NOTE(review): the "share" user/group is not defined in this file; verify
  # it exists. Mode 0755 also lets every local user traverse the state
  # directory, so tighten it if the Pi-hole data should not be world-readable.
  mkDirRule = dir: "d ${dir} 0755 share share - -";

  dnsPort = 53;
  webPort = 80;
in
{
  systemd.tmpfiles.rules = map mkDirRule stateDirs;

  virtualisation.oci-containers.containers.pihole = {
    # NOTE(review): ":latest" is a mutable tag, so the deployed image can
    # change between pulls without any change to this file. Pin a specific
    # version tag or an image digest so that upgrades are deliberate and
    # reviewable. A new major version may also rename the environment
    # variables the image honours; verify them against the pinned release.
    image = "pihole/pihole:latest";
    autoStart = true;

    # With "--network=host" (see extraOptions) the container shares the host
    # network stack and published port mappings are not applied by the
    # runtime. The effective exposure is set by networking.firewall below.
    ports = [
      "53:53/udp"
      "53:53/tcp"
      "80:80/tcp"
    ];

    volumes = [
      "/opt/pihole/etc:/etc/pihole"
      "/opt/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
    ];

    environment = {
      TZ = "America/Detroit";
      # NOTE(review): the admin password is a plaintext literal. Values in
      # this attribute set are copied into the world-readable Nix store and
      # are visible in the container's environment and in any repository
      # holding this file. Treat this password as disclosed: rotate it, and
      # supply the new one from a root-only file outside the store (the
      # container's environmentFiles option, fed by a secrets manager such
      # as sops-nix or agenix) instead of inline.
      WEBPASSWORD = "pihole4ALL!";
      FTLCONF_LOCAL_IPV4 = "10.0.0.202";
      INTERFACE = "eno1";
    };

    # Host networking removes network isolation between the container and the
    # host: every port the container listens on is bound directly on the host.
    extraOptions = [ "--network=host" ];
  };

  # NOTE(review): these rules apply to every interface. Port 80 serves the
  # admin UI over plain HTTP, so the password crosses the network unencrypted.
  # Port 53 should only be reachable from networks that are meant to use this
  # resolver. Consider per-interface rules (networking.firewall.interfaces)
  # if the host has more than one network.
  networking.firewall = {
    allowedTCPPorts = [ dnsPort webPort ];
    allowedUDPPorts = [ dnsPort ];
  };
}