{
  pkgs,
  config,
  lib,
  ...
}: let
  service = "dnsmasq";
  cfg = config.homelab.${service};
  sec = config.sops.secrets;
  homelab = config.homelab;
in {
  options.homelab.${service} = {
    enable = lib.mkEnableOption "enables ${service}";
    port = lib.mkOption {
      type = lib.types.int;
      default = 53;
      description = "set port for ${service} (default: ${toString cfg.port}";
    };
  };

  config = lib.mkIf cfg.enable {
    # enable the ${service} service
    services.${service} = {
      enable = true;
      settings = {
        #listen-address = "10.10.0.10";  # your LAN IP
        interface = "enp89s0";
        bind-interfaces = true;
        address = "/snowbelle.lan/10.10.0.10";
        server = [ # upstream dns
          "9.9.9.9"
          "1.1.1.1"
        ];
      };
    };

    # open firewall
    networking.firewall.allowedTCPPorts = [ cfg.port ];
    networking.firewall.allowedUDPPorts = [ cfg.port ];

  };
}