diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix
index fb6fd01..9a9a638 100644
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@@ -1,18 +1,40 @@
 { config, pkgs, lib, ... }:
 let
-  adguard_webui_port = 3031;
-  adguard_dns_port = "5300";
-  dnscrypt_listen_port = "5353";
+  adguard_dns_port = 5300;
+  domain = "adguard.architect.devs.giugl.io";
+
+  utilities = import ./utilities.nix { inherit lib config; };
+  inherit (utilities) architectInterfaceAddress;
 in
 {
   architect.firewall.openUDPVPN = [ 53 ];
+  networking.extraHosts = ''
+    ${architectInterfaceAddress "lan"} ${domain}
+    ${architectInterfaceAddress "wireguard"} ${domain}
+    ${architectInterfaceAddress "tailscale"} ${domain}
+  '';
+
   services = {
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        allow ${config.architect.networks.lan.net};
+        allow ${config.architect.networks.tailscale.net};
+        deny all;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.adguardhome.port}";
+      };
+    };
+
     dnsmasq = {
       enable = true;
       # adguard port
-      servers = [ "127.0.0.1#${adguard_dns_port}" ];
+      servers = [ "127.0.0.1#${toString adguard_dns_port}" ];
       extraConfig = ''
         localise-queries
         min-cache-ttl=120
@@ -27,28 +49,7 @@ in
     adguardhome = {
       enable = true;
-      port = adguard_webui_port;
-    };
-
-    dnscrypt-proxy2 = {
-      enable = true;
-      settings = {
-        listen_addresses = [ "127.0.0.1:${dnscrypt_listen_port}" ];
-        ipv4_servers = true;
-        ipv6_servers = false;
-        block_ipv6 = true;
-        dnscrypt_servers = true;
-        doh_servers = true;
-        require_nolog = true;
-        require_nofilter = true;
-        timeout = 350;
-        lb_strategy = "p4";
-        lb_estimator = true;
-        ignore_system_dns = true;
-        fallback_resolvers = [ "1.1.1.1:53" "9.9.9.9:53" ];
-        cache_min_ttl = 450;
-        cache_max_ttl = 2400;
-      };
+      port = 5353;
     };
   };
 }
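Review bot: The vhost's access list in `extraConfig` allows only `config.architect.networks.lan.net` and `config.architect.networks.tailscale.net`, yet `networking.extraHosts` also publishes the domain on the wireguard interface address, so wireguard peers resolve the name and then receive a 403 from `deny all`; either add `allow ${config.architect.networks.wireguard.net};` (assuming that attribute exists alongside the lan and tailscale ones) or drop the wireguard line from extraHosts. The nginx allow/deny filter is also only as strong as the AdGuard Home bind address: `proxyPass` targets 127.0.0.1, but nothing in this hunk pins the web UI itself to loopback, so if the module's `host` option is left at its default (which I believe binds all interfaces) the UI remains reachable directly on its port from any routed network and the filter is bypassed — `services.adguardhome.host = "127.0.0.1";` next to `port` would close that. Note as well that a server-level `deny all` applies to the ACME HTTP-01 challenge location NixOS adds to an `enableACME` vhost, so issuance will fail unless this host's ACME setup uses DNS-01; if it does, a comment such as `# ACME uses DNS-01; the server-level deny does not block issuance` would spare the next reader the question.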
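Review bot: Removing `dnscrypt-proxy2` drops the only encrypted upstream path visible in this file, together with its `require_nolog`/`require_nofilter` policy, and the hunk does not show what AdGuard Home now uses as upstream — that lives in AdGuard's own runtime configuration, not in this module, so the new resolver chain's privacy properties cannot be confirmed from the commit. Reusing 5353, which was the dnscrypt-proxy2 listener port, as the AdGuard Home web UI port makes that worse: if AdGuard's stored upstream list still references `127.0.0.1:5353`, DNS queries will now be sent to an HTTP listener and fail at runtime rather than at evaluation. A short comment at the new line would document the intent, e.g. `# web UI; 5353 was previously the dnscrypt-proxy2 listener (removed in <commit placeholder>), upstreams are now configured in AdGuard Home itself (DoH/DoT directly)`, and binding the value through a `let` name such as `adguard_webui_port` as the old code did would keep it consistent with `adguard_dns_port`.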