# NixOS module for the local DNS stack: dnsmasq answers on UDP/53 (opened to VPN
# clients through the architect firewall option) and forwards every query to
# AdGuard Home on loopback, which in turn resolves via encrypted NextDNS
# upstreams.  The AdGuard web UI is published only through the architect vhost,
# allowed from the LAN and tailscale ranges with the router address denied.
{ config, pkgs, lib, ... }:

let
  # Hostname under which the AdGuard Home web UI is served.
  adguardHost = "adguard.architect.devs.giugl.io";
  # Read back through `config` so merged option values are used, exactly as the
  # inline `config.services...` references did.
  adguardCfg = config.services.adguardhome.settings;
  nets = config.architect.networks;
in
{
  architect = {
    # UDP/53 reachable by VPN clients; dnsmasq is the listener on that port.
    firewall.openUDPVPN = [ 53 ];

    vhost.${adguardHost} = {
      # Project option; presumably the interfaces whose DNS view carries this
      # name -- not visible from this file.
      dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
      locations."/" = {
        # Backend port for the vhost: AdGuard's web bind port.
        port = adguardCfg.bind_port;
        # Only the LAN and tailscale ranges may reach the UI ...
        allow = [ nets.lan.net nets.tailscale.net ];
        # ... and the router itself is excluded.
        deny = [ nets.lan.devices.router.address ];
      };
    };
  };

  services = {
    dnsmasq = {
      enable = true;
      settings = {
        # Forward all queries to AdGuard Home's DNS listener on loopback.
        server = [ "127.0.0.1#${toString adguardCfg.dns.port}" ];
        localise-queries = true;
        # Clamp cached TTLs to the 120 s .. 2400 s window.
        min-cache-ttl = 120;
        max-cache-ttl = 2400;
        domain = [ "runas.rocks" "giugl.io" "devs.runas.rocks" "devs.giugl.io" ];
      };
    };

    adguardhome = {
      enable = true;
      settings = {
        # Web UI port, fronted by the vhost above.
        bind_port = 5353;
        # DNS listener port that dnsmasq forwards to.
        # NOTE(review): dns.bind_hosts is not set here, so the listener's bind
        # address falls back to the module/AdGuard default; only dnsmasq on 53
        # is meant to be reachable (the firewall rule above opens just 53), so
        # confirm 5300 is not bound beyond loopback.
        dns = { port = 5300; };
        # Encrypted upstreams only: DoT and DoH to NextDNS.
        upstream_dns = [
          "tls://architect.d65174.dns.nextdns.io"
          "https://dns.nextdns.io/d65174/architect"
        ];
      };
    };
  };
}