diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix
index 99507ab..801cbae 100644
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@@ -1,36 +1,26 @@
 { config, pkgs, lib, ... }:
 let
- adguard_dns_port = 5300;
 domain = "adguard.architect.devs.giugl.io";
-
- utilities = import ./utilities.nix { inherit lib config; };
- inherit (utilities) architectInterfaceAddress;
 in
 {
- architect.firewall.openUDPVPN = [ 53 ];
+ architect = {
+ firewall.openUDPVPN = [ 53 ];
- networking.extraHosts = ''
- ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
- ${architectInterfaceAddress "tailscale"} ${domain}
- '';
+ vhost.${domain} = {
+ dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
- services = {
- nginx.virtualHosts.${domain} = {
- forceSSL = true;
- enableACME = true;
- extraConfig = ''
- allow ${config.architect.networks.lan.net};
- allow ${config.architect.networks.tailscale.net};
- deny all;
- '';
-
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.adguardhome.settings.bind_port}";
+ locations."/" = with config; {
+ port = services.adguardhome.settings.bind_port;
+ allow = with architect.networks; [ lan.net tailscale.net ];
+ deny = [
+ architect.networks."lan".devices.router.address
+ ];
 };
 };
+ };
+
+ services = {
 dnsmasq = {
 enable = true;
 settings = {
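Review bot: The new `deny = [ architect.networks."lan".devices.router.address ]` on `locations."/"` only excludes the router if the `architect.vhost` module (not in this diff) renders the `deny` entries before the `allow` entries and still appends a closing `deny all`; nginx evaluates `allow`/`deny` in order with first match winning, so an `allow <lan.net>` emitted first already matches the router address, and without a trailing `deny all` the default-deny that the removed `extraConfig` had is gone and every other client is admitted. Please confirm the module's rendering order and its implicit `deny all`, and record the dependency next to the list, e.g. `# router is inside lan.net: relies on vhost rendering deny before allow`. Minor: `pkgs` is now unused in the module arguments, and `"lan"` is quoted here while `lan.net` in the `allow` line is not. The `services = {` attrset opened at the end of the hunk continues past it.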