peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat(dns): per-host dns

Browse Source
This commit is contained in:
Giulio De Pasquale 2025-04-22 16:47:15 +01:00
parent f3dfa9543e
commit e6c5b780df
1 changed files with 35 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
hosts/architect/dns.nix
View File

@ -11,18 +11,28 @@ let
let let
architectIP = config.architect.networks.${iface}.devices.architect.address; architectIP = config.architect.networks.${iface}.devices.architect.address;
interfaceNet = config.architect.networks.${iface}.net; interfaceNet = config.architect.networks.${iface}.net;
deviceViews = concatMapStrings (deviceName: device: deviceViews = concatMapStrings
({ name, device }:
let let
deviceIP = device.address; deviceIP = device.address;
in in
'' ''
view ${deviceName} { . {
view ${name} {
expr client_ip() == '${deviceIP}' expr client_ip() == '${deviceIP}'
}
forward . 8.8.8.8 forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 {
tls_servername ${name}-d65174.dns.nextdns.io
health_check 5s
}
} }
'' ''
) (builtins.attrValues config.architect.networks.${iface}.devices); )
(attrsets.mapAttrsToList
(name: device: { inherit name device; })
config.architect.networks.${iface}.devices
);
in in
'' ''
${domain} { ${domain} {
@ -41,6 +51,7 @@ let
cache cache
log log
} }
${deviceViews} ${deviceViews}
'' ''
) )
@ -48,7 +59,6 @@ let
in in
concatStrings (mapAttrsToList generateForDomain domains); concatStrings (mapAttrsToList generateForDomain domains);
# Combine vhosts and the single domain
allDomains = config.architect.vhost // { allDomains = config.architect.vhost // {
"architect.devs.giugl.io" = { dnsInterfaces = [ "lan" "tailscale" ]; }; "architect.devs.giugl.io" = { dnsInterfaces = [ "lan" "tailscale" ]; };
}; };
@ -60,27 +70,21 @@ in
locations."/" = { locations."/" = {
port = config.services.adguardhome.port; port = config.services.adguardhome.port;
allowLan = true; allowLan = true;
allow = [ tailscale.net ];
allow = [
tailscale.net
];
}; };
}; };
services = { services.coredns = {
coredns = {
enable = true; enable = true;
config = '' config = ''
${generateCoreDNSConfig allDomains} ${generateCoreDNSConfig allDomains}
. { . {
cache
forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 { forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::d6:5174 tls://2a07:a8c1::d6:5174 {
tls_servername architect-d65174.dns.nextdns.io tls_servername architect-d65174.dns.nextdns.io
health_check 5s health_check 5s
} }
}
''; '';
}; };
};
} }