diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix
index 53d0e02..6bc6396 100644
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@@ -1,40 +1,49 @@
-{ config, pkgs, lib, ... }:
+{ config, lib, ... }:
 let
- domain = "adguard.architect.devs.giugl.io";
+ # Function to generate CoreDNS config for a single vhost
+ generateCoreDNSConfigForVhost = domain: conf:
+ let
+ # Retrieve architect's IP on each interface
+ interfaceConfigs = builtins.map
+ (iface:
+ let
+ architectIP = config.architect.networks.${iface}.devices.architect.address;
+ interfaceNet = config.architect.networks.${iface}.net;
+ in
+ ''
+ ${domain} {
+ view ${iface} {
+ expr incidr(client_ip(), '${interfaceNet}')
+ }
+
+ template IN A ${domain} {
+ answer "${domain}. 60 IN A ${architectIP}"
+ }
+ template IN HTTPS ${domain} {
+ answer "${domain}. 60 IN HTTPS 1 . ipv4hint=\"${architectIP}\""
+ }
+ cache
+ log
+ }
+ ''
+ )
+ conf.dnsInterfaces;
+ in
+ lib.concatStringsSep "\n" interfaceConfigs;
 in
 {
- architect = {
- firewall.openUDPVPN = [ 53 ];
-
- vhost.${domain} = {
- dnsInterfaces = [ "lan" "tailscale" ];
-
- locations."/" = with config; {
- port = services.adguardhome.settings.bind_port;
- allow = with architect.networks; [ lan.net tailscale.net ];
- deny = [
- architect.networks."lan".devices.router.address
- ];
- };
- };
- };
-
 services = {
- dnsmasq = {
+ coredns = {
 enable = true;
- settings = {
- server = [ "127.0.0.1#${toString config.services.adguardhome.settings.dns.port}" ];
- localise-queries = true;
- min-cache-ttl = 120;
- max-cache-ttl = 2400;
- domain = [
- "runas.rocks"
- "giugl.io"
- "devs.runas.rocks"
- "devs.giugl.io"
- ];
- };
+ config = ''
+ ${lib.concatStringsSep "\n" (lib.mapAttrsToList generateCoreDNSConfigForVhost config.architect.vhost)}
+
+ . {
+ cache
+ forward . 127.0.0.1:${toString config.services.adguardhome.settings.dns.port}
+ }
+ '';
 };
 adguardhome = {