{ pkgs, config, ... }:
{
  services.coredns = {
    enable = true;
    package = pkgs.coredns.override {
      externalPlugins = [
        {
          name = "tailscale";
          repo = "github.com/damomurf/coredns-tailscale";
          version = "750df081a3cc63f325ecfde6c30a974dc0e4bf56";
        }
      ];
      vendorHash = "sha256-tuHr5oYmx3HNmsO6ZOO14vORArk8YHZBsodCiydf6k8=";
    };

    config = ''
      datarift.nl:5454 {
        tailscale datarift.nl {
          authkey {$TS_AUTHKEY}
        }
        log
        errors
      }
    '';
  };

  systemd.services.coredns.serviceConfig.EnvironmentFile = [ config.sops.secrets.coredns-env.path ];
}