feat(dns): per-host dns

2025-04-22 16:47:15 +01:00 · 2025-04-22 16:47:15 +01:00 · e6c5b780df
commit e6c5b780df
parent f3dfa9543e
1 changed files with 35 additions and 31 deletions
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@ -11,18 +11,28 @@ let
            let
              architectIP = config.architect.networks.${iface}.devices.architect.address;
              interfaceNet = config.architect.networks.${iface}.net;
-              deviceViews = concatMapStrings (deviceName: device:
-                let
-                  deviceIP = device.address;
-                in
-                ''
-                  view ${deviceName} {
-                    expr client_ip() == '${deviceIP}'
-
-                    forward . 8.8.8.8
-                  }
-                ''
-              ) (builtins.attrValues config.architect.networks.${iface}.devices);
+              deviceViews = concatMapStrings
+                ({ name, device }:
+                  let
+                    deviceIP = device.address;
+                  in
+                  ''
+                    . {
+                      view ${name} {
+                        expr client_ip() == '${deviceIP}'
+                      }
+                      
+                      forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 {
+                          tls_servername ${name}-d65174.dns.nextdns.io
+                          health_check 5s                        
+                      }
+                    }
+                  ''
+                )
+                (attrsets.mapAttrsToList
+                  (name: device: { inherit name device; })
+                  config.architect.networks.${iface}.devices
+                );
            in
            ''
              ${domain} {
@ -41,6 +51,7 @@ let
                cache
                log
              }
+              
              ${deviceViews}
            ''
          )
@ -48,7 +59,6 @@ let
    in
    concatStrings (mapAttrsToList generateForDomain domains);

-  # Combine vhosts and the single domain
  allDomains = config.architect.vhost // {
    "architect.devs.giugl.io" = { dnsInterfaces = [ "lan" "tailscale" ]; };
  };
@ -60,27 +70,21 @@ in
    locations."/" = {
      port = config.services.adguardhome.port;
      allowLan = true;
-
-      allow = [
-        tailscale.net
-      ];
+      allow = [ tailscale.net ];
    };
  };

-  services = {
-    coredns = {
-      enable = true;
-      config = ''
-                ${generateCoreDNSConfig allDomains}
-                          
-                . {
-                  cache
-                  forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 {
-                    tls_servername architect-d65174.dns.nextdns.io
+  services.coredns = {
+    enable = true;
+    config = ''
+      ${generateCoreDNSConfig allDomains}

-                    health_check 5s
-                  }
-      '';
-    };
+      . {
+        forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 {
+            tls_servername architect-d65174.dns.nextdns.io
+            health_check 5s                        
+        } 
+      }
+    '';
  };
 }