From 4369735976f3c66e0ea18fb3603110bcce9feff7 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Sat, 26 Apr 2025 19:31:05 +0100
Subject: [PATCH] stuff
---
 hosts/architect/default.nix | 29 +++++++++++++++++++++++++--
 hosts/architect/dns.nix | 1 -
 hosts/architect/tailscale.nix | 2 +-
 modules/core/dns.nix | 12 +++++------
 modules/core/network.nix | 10 ++-------
 modules/services/bazarr/default.nix | 3 +--
 modules/services/jellyfin/default.nix | 3 +--
 modules/services/nzbget/default.nix | 3 +--
 modules/services/sonarr/default.nix | 3 +--
 9 files changed, 39 insertions(+), 27 deletions(-)
diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index 4525c3f..d6b1ee0 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -24,7 +24,7 @@ in
 ./dns.nix
 ./prowlarr.nix
 ./redlib.nix
- ./jellyfin.nix
+ # ./jellyfin.nix
 ./tailscale.nix
 ./headscale.nix
 ./llm.nix
@@ -146,7 +146,7 @@ in
 type = "lan";
 net = "10.0.0.0/24";
 devices = {
- architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; };
+ architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; isEndpoint = true; };
 brigettine = { address = "10.0.0.1"; hostname = "router.${domain}"; };
 dreamel10 = { address = "10.0.0.199"; hostname = "dreamel10.${domain}"; };
 reolinkcamera = { address = "10.0.0.200"; hostname = "reolinkcamera.${domain}"; };
@@ -178,6 +178,31 @@ in
 domain = "htrad.giugl.io";
 package = pkgs.unstablePkgs.radarr;
 };
+
+ sonarr = {
+ enable = true;
+ domain = "htson.giugl.io";
+ package = pkgs.unstablePkgs.sonarr;
+ };
+
+ bazarr = {
+ enable = true;
+ domain = "htbaz.giugl.io";
+ package = pkgs.unstablePkgs.bazarr;
+ };
+
+ nzbget = {
+ enable = true;
+ domain = "htnzb.giugl.io";
+ package = pkgs.unstablePkgs.nzbget;
+ };
+
+
+ jellyfin = {
+ enable = true;
+ domain = "media.giugl.io";
+ package = pkgs.unstablePkgs.jellyfin;
+ };
 };
 };
 }
diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix
index d345514..79fe1bb 100644
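Review bot: In the first hunk of hosts/architect/default.nix the import is disabled by commenting it out (`# ./jellyfin.nix`) with no reason given, which leaves a dead line whose status the next reader has to guess. The last hunk of the same file now enables jellyfin through the `jellyfin = { enable = true; … }` block, so either delete the line or say why it stays, e.g. `# ./jellyfin.nix  # superseded by the jellyfin block below`. Whether the old host file set anything the new block does not, such as which interfaces the vhost is published on, is not visible in this patch and is worth checking before the file is dropped.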
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@@ -5,7 +5,6 @@
 pepe.core.dns = {
 enable = true;
 nextDNSId = "d65174";
- processDomainsFirst = true;
 extraDomains = {
 "architect.devs.giugl.io" = {
 dnsInterfaces = [ "lan" "tailscale" ];
diff --git a/hosts/architect/tailscale.nix b/hosts/architect/tailscale.nix
index af3d037..1312009 100644
--- a/hosts/architect/tailscale.nix
+++ b/hosts/architect/tailscale.nix
@@ -12,7 +12,7 @@ in
 net = "100.64.0.0/10";
 type = "vpn";
 devices = {
- architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; };
+ architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; isEndpoint = true; };
 kmerr = { address = "100.64.0.2"; hostname = "kmerr.${domain}"; };
 chuck = { address = "100.64.0.4"; hostname = "chuck.${domain}"; };
 dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
diff --git a/modules/core/dns.nix b/modules/core/dns.nix
index 26a9c8d..bbdc15b 100644
--- a/modules/core/dns.nix
+++ b/modules/core/dns.nix
@@ -42,7 +42,9 @@ in
 generateDomainConfig = domain: conf: ifaceName:
 let
 iface = config.pepe.core.network.interfaces.${ifaceName};
- serverIP = iface.devices.server.address or "127.0.0.1";
+
+ ifaceEndpoint = lib.head (lib.attrNames (lib.filterAttrs (_: device: device.isEndpoint) iface.devices));
+ serverIP = iface.devices.${ifaceEndpoint}.address;
 interfaceNet = iface.net;
 in
 ''
@@ -73,9 +75,7 @@ in
 ({ name, device }:
 let
 deviceIP = device.address;
- serverName = if device.dnsServerName != ""
- then device.dnsServerName
- else "${name}-${cfg.nextDNSId}.dns.nextdns.io";
+ serverName = "${name}-${cfg.nextDNSId}.dns.nextdns.io";
 in
 ''
 . {
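Review bot: `lib.head` in the new `ifaceEndpoint` binding (modules/core/dns.nix, `generateDomainConfig`) aborts evaluation with a generic list error when no device on the interface sets `isEndpoint`, and when two devices set it the alphabetically first name wins silently, because `lib.attrNames` returns sorted names. The removed line fell back to `127.0.0.1`; the new one has no fallback, and this patch flags an endpoint only on the two interfaces it touches, so any other interface passed to this function would break the build. `serverIP` is presumably the address the generated records answer with, so a wrong pick would point service names at an unintended host; an assertion that names the interface makes both cases explicit. The `let` block continues outside the hunk.

```nix
iface = config.pepe.core.network.interfaces.${ifaceName};

endpointNames = lib.attrNames (lib.filterAttrs (_: device: device.isEndpoint) iface.devices);
ifaceEndpoint =
  assert lib.assertMsg (lib.length endpointNames == 1)
    "interface '${ifaceName}': exactly one device must set isEndpoint, found ${toString (lib.length endpointNames)}";
  lib.head endpointNames;
serverIP = iface.devices.${ifaceEndpoint}.address;
# … unchanged: interfaceNet and the generated config string …
```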
@@ -124,9 +124,7 @@ in
 . {
 forward . tls://45.90.28.77 tls://45.90.30.77 {
- tls_servername ${if (lib.length (lib.attrNames config.pepe.core.network.dnsEndpoints)) > 0
- then (lib.head (lib.attrValues config.pepe.core.network.dnsEndpoints)).serverName
- else "lan-${cfg.nextDNSId}.dns.nextdns.io"}
+ tls_servername "lan-${cfg.nextDNSId}.dns.nextdns.io"
 health_check 5s
 }
 }
diff --git a/modules/core/network.nix b/modules/core/network.nix
index 018be59..28380d5 100644
--- a/modules/core/network.nix
+++ b/modules/core/network.nix
@@ -37,17 +37,11 @@ in
 description = "The hostname of the device.";
 };
- isDnsEndpoint = mkOption {
+ isEndpoint = mkOption {
 type = types.bool;
 default = false;
 description = "Whether this device serves as a DNS endpoint for this interface.";
- };
-
- dnsServerName = mkOption {
- type = types.str;
- default = "";
- description = "DNS server name for TLS connections (e.g., 'device-id.dns.nextdns.io').";
- };
+ };
 };
 });
 default = { };
diff --git a/modules/services/bazarr/default.nix b/modules/services/bazarr/default.nix
index 3bb5621..d5245a2 100644
--- a/modules/services/bazarr/default.nix
+++ b/modules/services/bazarr/default.nix
@@ -22,8 +22,7 @@ in
 group = "media";
 };
- pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
- dnsInterfaces = [ interfaceTypes.vpn ];
+ pepe.core.vhost.hosts.${cfg.domain} = {
 locations."/" = {
 port = 6767;
 allowLAN = true;
diff --git a/modules/services/jellyfin/default.nix b/modules/services/jellyfin/default.nix
index 60333b2..600fa06 100644
--- a/modules/services/jellyfin/default.nix
+++ b/modules/services/jellyfin/default.nix
@@ -24,8 +24,7 @@ in
 # needed since StateDirectory does not accept symlinks
 systemd.services.jellyfin.serviceConfig.StateDirectory = mkForce "";
- pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
- dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ];
+ pepe.core.vhost.hosts.${cfg.domain} = {
 locations = {
 "/" = {
 port = 8096;
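Review bot: The renamed option in modules/core/network.nix keeps the old description, `"Whether this device serves as a DNS endpoint for this interface."`, while modules/core/dns.nix in this patch uses `isEndpoint` to pick the address that domains on the interface resolve to. I would reword it to say that and to state the expected cardinality, e.g. `description = "Whether this device is the host that DNS records for this interface point to; set on exactly one device per interface.";`. The re-added `};` that closes the option appears to be an indentation-only change, so it is worth confirming it lines up with `isEndpoint = mkOption {`.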
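Review bot: Removing `dnsInterfaces = [ interfaceTypes.vpn ];` from the bazarr vhost (modules/services/bazarr/default.nix) means the name is now published on whatever `pepe.core.vhost` uses as its default, and that default is defined outside this patch. Before the change bazarr resolved on the VPN interface only, so if the default includes the LAN this widens where the service can be found by name; the same removal in the jellyfin, nzbget and sonarr hunks drops lists that already named both interface types. If the wider exposure is intended, record it with a comment such as `# dnsInterfaces left at the vhost module default on purpose`; otherwise keep the explicit VPN-only list for bazarr. The attribute sets continue outside these hunks, so also check that nothing further down still relies on the removed `with config.pepe.core.network;`.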
diff --git a/modules/services/nzbget/default.nix b/modules/services/nzbget/default.nix
index 8f760ed..e6a4491 100644
--- a/modules/services/nzbget/default.nix
+++ b/modules/services/nzbget/default.nix
@@ -22,8 +22,7 @@ in
 group = "media";
 };
- pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
- dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
+ pepe.core.vhost.hosts.${cfg.domain} = {
 locations."/" = {
 port = 6789;
 allowLAN = true;
diff --git a/modules/services/sonarr/default.nix b/modules/services/sonarr/default.nix
index 8bc0b42..e3b48c3 100644
--- a/modules/services/sonarr/default.nix
+++ b/modules/services/sonarr/default.nix
@@ -21,8 +21,7 @@ in
 package = cfg.package;
 };
- pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
- dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
+ pepe.core.vhost.hosts.${cfg.domain} = {
 locations."/" = {
 port = 8989;
 allowLAN = true;