From e6c5b780df222b3be0b1b723a01793a98084b897 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Tue, 22 Apr 2025 16:47:15 +0100 Subject: [PATCH] feat(dns): per-host dns --- hosts/architect/dns.nix | 66 ++++++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 31 deletions(-) diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix index 2aa686b..259fb34 100644 --- a/hosts/architect/dns.nix +++ b/hosts/architect/dns.nix @@ -11,18 +11,28 @@ let let architectIP = config.architect.networks.${iface}.devices.architect.address; interfaceNet = config.architect.networks.${iface}.net; - deviceViews = concatMapStrings (deviceName: device: - let - deviceIP = device.address; - in - '' - view ${deviceName} { - expr client_ip() == '${deviceIP}' - - forward . 8.8.8.8 - } - '' - ) (builtins.attrValues config.architect.networks.${iface}.devices); + deviceViews = concatMapStrings + ({ name, device }: + let + deviceIP = device.address; + in + '' + . { + view ${name} { + expr client_ip() == '${deviceIP}' + } + + forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 { + tls_servername ${name}-d65174.dns.nextdns.io + health_check 5s + } + } + '' + ) + (attrsets.mapAttrsToList + (name: device: { inherit name device; }) + config.architect.networks.${iface}.devices + ); in '' ${domain} { @@ -41,6 +51,7 @@ let cache log } + ${deviceViews} '' ) @@ -48,7 +59,6 @@ let in concatStrings (mapAttrsToList generateForDomain domains); - # Combine vhosts and the single domain allDomains = config.architect.vhost // { "architect.devs.giugl.io" = { dnsInterfaces = [ "lan" "tailscale" ]; }; }; 
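Review bot: In the new `deviceViews` body the Nix attribute name `name` is interpolated unquoted both into the `view ${name}` directive and into `tls_servername ${name}-d65174.dns.nextdns.io`, so any device key outside `[a-z0-9-]` (uppercase, underscore, dot, space) yields an invalid SNI or an unparseable Corefile token and CoreDNS fails at startup rather than at evaluation time. A guard in the lambda would surface this in `nix build`, e.g. `assert builtins.match "[a-z0-9-]+" name != null || throw "dns: device name '${name}' is not a valid NextDNS device label";`. Note also that each per-device `. { … }` block forwards over DoT with no `cache` plugin, so every query from a matched device is a fresh upstream round-trip; this is presumably unintended given the domain blocks above keep `cache`. The enclosing `let … in` starts outside this hunk.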
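Review bot: `${deviceViews}` is appended inside the per-domain string that `generateForDomain` builds for each interface, but `deviceViews` depends only on `iface`, so if `allDomains` (`config.architect.vhost // { … }`) holds more than one entry the identical `. { view ${name} … }` blocks are emitted once per domain. That produces several `.` server blocks on the same port with duplicate view names, which CoreDNS is expected to reject as a duplicate zone definition (verify against the `view` plugin's uniqueness rule). The device views should be generated once per interface — e.g. `concatMapStrings deviceViewsFor interfaces` placed alongside the fallback block in `services.coredns.config` — rather than inside the domain loop. The enclosing function begins and ends outside this hunk.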
@@ -60,27 +70,21 @@ in locations."/" = { port = config.services.adguardhome.port; allowLan = true; - - allow = [ - tailscale.net - ]; + allow = [ tailscale.net ]; }; }; - services = { - coredns = { - enable = true; - config = '' - ${generateCoreDNSConfig allDomains} - - . { - cache - forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 { - tls_servername architect-d65174.dns.nextdns.io + services.coredns = { + enable = true; + config = '' + ${generateCoreDNSConfig allDomains} - health_check 5s - } - ''; - }; + . { + forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 { + tls_servername architect-d65174.dns.nextdns.io + health_check 5s + } + } + ''; }; }
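Review bot: The rewritten fallback `. { forward … }` block drops the `cache` line that the removed version had, so every query from a client not matched by a device view now goes to NextDNS over DoT uncached; nothing in the commit message indicates this was intended. Re-add `cache` as the first directive of the block (`. {` / `  cache` / `  forward . tls://…`). With no `view` on this block it also silently serves any client whose source address differs from its configured `device.address` (e.g. a Tailscale IPv6 source, if devices have one), so mis-attributed devices land in the generic `architect-d65174` profile without any log; adding `log` here would make that fall-through visible.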