diff --git a/flake.lock b/flake.lock index 44eab54..de04455 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ }, "catppuccin": { "locked": { - "lastModified": 1730036420, - "narHash": "sha256-rv2bz7J6Wo7AenPiu4+ptCB1AFyaMcS77y89zbRAtI8=", + "lastModified": 1728407414, + "narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=", "owner": "catppuccin", "repo": "nix", - "rev": "0b7bf04628414a402d255924f65e9a0d1a53d92b", + "rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f", "type": "github" }, "original": { @@ -59,11 +59,11 @@ "eza-themes": { "flake": false, "locked": { - "lastModified": 1730050654, - "narHash": "sha256-Gs21+A/to2AqjQsqMlWeOuSowYPOuSZ3fK6LRdBPUmI=", + "lastModified": 1726839736, + "narHash": "sha256-dd9KBb3Upg+x/4ImQwSwKWtDHyfk/29zLkmrVgHVsh0=", "owner": "eza-community", "repo": "eza-themes", - "rev": "74be26bbd2ce76b29c37250a2fb7cb5d6644c964", + "rev": "302f4783dcd84a8221f1da8223d1ea0885fd26e3", "type": "github" }, "original": { @@ -234,11 +234,11 @@ ] }, "locked": { - "lastModified": 1730450782, - "narHash": "sha256-0AfApF8aexgB6o34qqLW2cCX4LaWJajBVdU6ddiWZBM=", + "lastModified": 1729459288, + "narHash": "sha256-gBOVJv+q6Mx8jGvwX7cE6J8+sZmi1uxpRVsO7WxvVuQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "8ca921e5a806b5b6171add542defe7bdac79d189", + "rev": "1e27f213d77fc842603628bcf2df6681d7d08f7e", "type": "github" }, "original": { @@ -276,11 +276,11 @@ ] }, "locked": { - "lastModified": 1730441026, - "narHash": "sha256-xmZQFGeIm2TzXv4jGaQ3nfBoUbt4gKbIv/SHVWw93ag=", + "lastModified": 1729177642, + "narHash": "sha256-DdKal+ZhB9QD/tnEwFg4cZ4j4YnrkvSljBxnyG+3eE0=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "bd1da5657b8903b293a0ff51eb896a91a544ebed", + "rev": "bb69165ff372ddbd3228a03513922acd783040e8", "type": "github" }, "original": { 
@@ -292,11 +292,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1730433081, - "narHash": "sha256-1oqkMcFQyAqCvqkjG9K3NaRLyB1qkXXiZoxe4rwM6ag=", - "rev": "834450e237b82230934b5d25ed212b5a55938cc5", + "lastModified": 1729455191, + "narHash": "sha256-8hqmXUj2NH7fqZLFtFer+FfldkTaTmbkghvxM2UNK10=", + "rev": "068f4b147d589f2a219ba917537b53a56089c1ba", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/834450e237b82230934b5d25ed212b5a55938cc5.tar.gz?rev=834450e237b82230934b5d25ed212b5a55938cc5" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/068f4b147d589f2a219ba917537b53a56089c1ba.tar.gz?rev=068f4b147d589f2a219ba917537b53a56089c1ba" }, "original": { "type": "tarball", @@ -351,11 +351,11 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1730108712, - "narHash": "sha256-vIvmXmjAQIY39hACGFe/cdBK2r3ZprpHLwX2HIy7Mj8=", + "lastModified": 1729453639, + "narHash": "sha256-L19R5CXCfTU9IFs9FAaYhDiteegfhJQMiAHLfls4Pdw=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "1cba177bb0a948c919af7596e40bef307543d40a", + "rev": "68bc646058386e2ffbd9d78d79d6558e684f6b8c", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1729697500, - "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", + "lastModified": 1690328911, + "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=", "owner": "zhaofengli", "repo": "nix-github-actions", - "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", + "rev": "96df4a39c52f53cb7098b923224d8ce941b64747", "type": "github" }, "original": { 
@@ -389,11 +389,11 @@ }, "nix-impermanence": { "locked": { - "lastModified": 1730403150, - "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "lastModified": 1729068498, + "narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "rev": "e337457502571b23e449bf42153d7faa10c0a562", "type": "github" }, "original": { @@ -409,11 +409,11 @@ ] }, "locked": { - "lastModified": 1729999765, - "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=", + "lastModified": 1729394935, + "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f", + "rev": "04f8a11f247ba00263b060fbcdc95484fd046104", "type": "github" }, "original": { @@ -429,11 +429,11 @@ ] }, "locked": { - "lastModified": 1729999765, - "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=", + "lastModified": 1729394935, + "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f", + "rev": "04f8a11f247ba00263b060fbcdc95484fd046104", "type": "github" }, "original": { @@ -451,11 +451,11 @@ ] }, "locked": { - "lastModified": 1730426071, - "narHash": "sha256-2BkSiHqyWikpz9HSgTBk5kikaQ5m0Rs60C9KA2kf53o=", + "lastModified": 1729389245, + "narHash": "sha256-vkTEnmCpkMn0DzaQDkLLCBUDXe+zhMiCfykdeC/BQjc=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "4b371c3d119493051d081ff5b6cff689a97ad1a1", + "rev": "4141afa4cc8f63b7c88788a319efef69459222ee", "type": "github" }, "original": { 
@@ -466,11 +466,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730368399, - "narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=", + "lastModified": 1729455275, + "narHash": "sha256-THqzn/7um3oMHUEGXyq+1CJQE7EogwR3HjLMNOlhFBE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc", + "rev": "9fcf30fccf8435f6390efec4a4d38e69c2268a36", "type": "github" }, "original": { @@ -498,11 +498,11 @@ }, "nixpkgs-raw": { "locked": { - "lastModified": 1730327045, - "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", + "lastModified": 1729181673, + "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "080166c15633801df010977d9d7474b4a6c549d7", + "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3", "type": "github" }, "original": { @@ -513,11 +513,11 @@ }, "nixpkgs-unstable-raw": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1729256560, + "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", "type": "github" }, "original": { @@ -528,11 +528,11 @@ }, "nur": { "locked": { - "lastModified": 1730455118, - "narHash": "sha256-E5yWeAUKohUot11JBfH7apOyPjqs3z2/fAtUc2LNfHw=", + "lastModified": 1729460551, + "narHash": "sha256-/+63hDTCMSplnJ/V5dd7y43kRkiRVOCjGsQ+LWg+0jM=", "owner": "nix-community", "repo": "NUR", - "rev": "5bf603459b923edbee4955e9fc94b94662add85c", + "rev": "f0da30b33a995a031ba331faa11b58b22dc69469", "type": "github" }, "original": { 
@@ -551,11 +551,11 @@ ] }, "locked": { - "lastModified": 1730366788, - "narHash": "sha256-0Ezvv4KkyFdLAblPBFDgZbiMLlJZtpHruT2i4KC2wIY=", + "lastModified": 1729372184, + "narHash": "sha256-Tb2/jJ74pt0nmfprkOW1g5zZphJTNbzLnyDENM+c5+I=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "f634d5f6ee9be365b2ca08b2d00e0e3b0c240b9e", + "rev": "9390dadadc58ffda8e494b31ef66a4ae041f6dd1", "type": "github" }, "original": { @@ -690,11 +690,11 @@ ] }, "locked": { - "lastModified": 1730426202, - "narHash": "sha256-swwKpE3lrdvcSh6Hjyf/eSe/zPnsZgeVlSl+B4yBpeo=", + "lastModified": 1729389220, + "narHash": "sha256-vHCkVYWrw03vn48Yihor5PXiSuxDSF1TcyO2kAs1Ehg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "96dcbddd24edc60ad47f41bb2a73e06099eba4af", + "rev": "f4dd6d6b728a61095b944de1fbc58c5bbdc87320", "type": "github" }, "original": { diff --git a/roles/server/caddy.nix b/roles/server/caddy.nix index 439f231..83cba86 100644 --- a/roles/server/caddy.nix +++ b/roles/server/caddy.nix @@ -47,17 +47,10 @@ in { }; }; }; - services.headscale.settings.dns_config.extra_records = let - makeRecords = builtins.map (recordName: { - name = recordName; - type = "A"; - value = "100.100.0.1"; - }); - in - makeRecords [ - manualHostname - downloadsHostname - ]; + services.dnsmasq.settings.cname = [ + "${manualHostname},everest" + "${downloadsHostname},everest" + ]; systemd = { services.caddy.after = ["tailscaled.service"]; # We have somewhat frequent power outages, and our ISP router takes diff --git a/roles/server/default.nix b/roles/server/default.nix index bc1a6ea..4ba0396 100755 --- a/roles/server/default.nix +++ b/roles/server/default.nix @@ -13,6 +13,7 @@ ./tailscale.nix ./headscale.nix ./caddy.nix + ./dns.nix ./rust_motd.nix ./minecraft.nix ]; diff --git a/roles/server/dns.nix b/roles/server/dns.nix new file mode 100644 index 0000000..1e446e5 --- /dev/null +++ b/roles/server/dns.nix 
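Review bot: The new `cname` entries in roles/server/caddy.nix point at the bare name `everest`, and dnsmasq only answers a CNAME whose target it knows locally, so these records depend on the `host-record` for `everest` that this commit adds in roles/server/dns.nix; nothing at this spot says so. A comment such as `# CNAME targets must be served by dnsmasq itself; "everest" comes from host-record in dns.nix` would make the coupling visible, and the same applies to the `cname` lines added in forgejo.nix, syncthing.nix and transmission.nix. The removed records resolved to `100.100.0.1` while `everest` now resolves to `100.73.96.48`, so it is worth confirming that Caddy accepts connections on that address. `manualHostname` and `downloadsHostname` are defined outside the hunk, and the enclosing attribute set starts and ends outside it.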
@@ -0,0 +1,42 @@
+{...}: {
+ services.dnsmasq = {
+ enable = true;
+
+ # Only using this for tailscale IPs, so better to let tailscale itself deal with it
+ resolveLocalQueries = false;
+
+ settings = {
+ listen-address = ["100.73.96.48"];
+
+ /*
+ Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
+ From the little testing I have done it seems to not cause any issues, but better to be safe
+ than sorry :P
+ */
+ dns-loop-detect = true;
+
+ host-record = [
+ "winmax2,winmax2.tailscale,100.106.73.20"
+ "everest,everest.tailscale,100.73.96.48"
+ "archie,archie.tailscale,100.113.139.93"
+ "steamdeck,steamdeck.tailscale,100.85.48.85"
+ "surfacego,surfacego.tailscale,100.96.92.13"
+ ];
+
+ # If this isn't set a cname that targets a host might return the wrong ip
+ localise-queries = true;
+ ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
+ filter-AAAA = true;
+ domain = "tailscale";
+ domain-needed = true;
+ };
+ };
+
+ programs.rust-motd.settings.service_status.dnsmasq = "dnsmasq";
+
+ # Dnsmasq conflicts with the resolved dns stub listener
+ services.resolved.extraConfig = ''
+ [Resolve]
+ DNSStubListener=no
+ '';
+}
diff --git a/roles/server/forgejo.nix b/roles/server/forgejo.nix
index 52b6847..65fbf83 100644
--- a/roles/server/forgejo.nix
+++ b/roles/server/forgejo.nix
@@ -44,14 +44,8 @@ in { }; }; - # Add a record for forgejo - services.headscale.settings.dns_config.extra_records = [ - { - name = "git.everest.tailscale"; - type = "A"; - value = "100.100.0.1"; - } - ]; + # Add a cname for forgejo + services.dnsmasq.settings.cname = ["git.everest.tailscale,everest"]; # Set up caddy as the reverse proxy for Forgejo services.caddy.virtualHosts.forgejo = {
diff --git a/roles/server/headscale.nix b/roles/server/headscale.nix
index 4575327..bfd803f 100644
--- a/roles/server/headscale.nix
+++ b/roles/server/headscale.nix
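Review bot: `listen-address` in roles/server/dns.nix does not by itself restrict the socket: without `bind-interfaces` or `bind-dynamic`, dnsmasq binds the wildcard address on port 53 and only discards queries that arrive for other addresses, which is likely also why it collides with the resolved stub listener. Adding `bind-dynamic = true;` under `settings` would bind only the tailnet address, including when it appears after boot, and may make the `DNSStubListener=no` override unnecessary. Separately, nothing marks `tailscale` as a local-only zone, so a query for an unknown `*.tailscale` name is presumably forwarded to whatever upstream resolver dnsmasq picks up; `local = "/tailscale/";` would keep those lookups from leaving the host. The address `100.73.96.48` also appears twice, as the listen address and in the `everest` host record, so a `let` binding would keep the two from drifting apart.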
@@ -9,7 +9,6 @@ dns_config = { base_domain = "tailscale"; nameservers = ["9.9.9.9"]; - override_local_dns = true; }; }; }; diff --git a/roles/server/syncthing.nix b/roles/server/syncthing.nix index 74caa4b..e6409a9 100755 --- a/roles/server/syncthing.nix +++ b/roles/server/syncthing.nix @@ -39,14 +39,8 @@ AmbientCapabilities = "CAP_CHOWN CAP_FOWNER"; }; - # Add a record for syncthing - services.headscale.settings.dns_config.extra_records = [ - { - name = "sync.everest.tailscale"; - type = "A"; - value = "100.100.0.1"; - } - ]; + # Add a cname for syncthing + services.dnsmasq.settings.cname = ["sync.everest.tailscale,everest"]; # Set up caddy as the reverse proxy for syncthing services.caddy.virtualHosts.syncthing = { diff --git a/roles/server/transmission.nix b/roles/server/transmission.nix index a1aafdb..e52f286 100755 --- a/roles/server/transmission.nix +++ b/roles/server/transmission.nix @@ -37,14 +37,8 @@ in { ''; }; - # Add a record for transmission - services.headscale.settings.dns_config.extra_records = [ - { - name = "transmission.everest.tailscale"; - type = "A"; - value = "100.100.0.1"; - } - ]; + # Add a cname for transmission + services.dnsmasq.settings.cname = ["transmission.everest.tailscale,everest"]; # Set up caddy as the reverse proxy for transmission services.caddy.virtualHosts.transmission = {