architect: switch to nextdns

hosts/architect/dns.nix

@@ -1,18 +1,40 @@
 { config, pkgs, lib, ... }:
 
 let
-  adguard_webui_port = 3031;
-  adguard_dns_port = "5300";
-  dnscrypt_listen_port = "5353";
+  adguard_dns_port = 5300;
+  domain = "adguard.architect.devs.giugl.io";
+
+  utilities = import ./utilities.nix { inherit lib config; };
+  inherit (utilities) architectInterfaceAddress;
 in
 {
   architect.firewall.openUDPVPN = [ 53 ];
 
+  networking.extraHosts = ''
+    ${architectInterfaceAddress "lan"} ${domain}
+    ${architectInterfaceAddress "wireguard"} ${domain}
+    ${architectInterfaceAddress "tailscale"} ${domain}
+  '';
+
   services = {
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        allow ${config.architect.networks.lan.net};
+        allow ${config.architect.networks.tailscale.net};
+        deny all;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.adguardhome.port}";
+      };
+    };
+
     dnsmasq = {
       enable = true;
       # adguard port
-      servers = [ "127.0.0.1#${adguard_dns_port}" ];
+      servers = [ "127.0.0.1#${toString adguard_dns_port}" ];
       extraConfig = ''
         localise-queries
         min-cache-ttl=120
@@ -27,28 +49,7 @@ in
 
     adguardhome = {
       enable = true;
-      port = adguard_webui_port;
-    };
-
-    dnscrypt-proxy2 = {
-      enable = true;
-      settings = {
-        listen_addresses = [ "127.0.0.1:${dnscrypt_listen_port}" ];
-        ipv4_servers = true;
-        ipv6_servers = false;
-        block_ipv6 = true;
-        dnscrypt_servers = true;
-        doh_servers = true;
-        require_nolog = true;
-        require_nofilter = true;
-        timeout = 350;
-        lb_strategy = "p4";
-        lb_estimator = true;
-        ignore_system_dns = true;
-        fallback_resolvers = [ "1.1.1.1:53" "9.9.9.9:53" ];
-        cache_min_ttl = 450;
-        cache_max_ttl = 2400;
-      };
+      port = 5353;
     };
   };
 }