Server/headscale: override local dns

For some reason extra dns records don't apply without the override
Server: replace dnsmasq cnames with headscale extra dns records
2024-11-03 01:19:30 +01:00 · 2024-11-03 01:18:39 +01:00 · 2024-11-02 18:18:20 +01:00 · 2024-11-01 23:24:53 +01:00 · 2024-11-01 12:27:51 +01:00
8 changed files with 88 additions and 105 deletions
--- a/flake.lock
+++ b/flake.lock
@ -25,11 +25,11 @@
    },
    "catppuccin": {
      "locked": {
-        "lastModified": 1728407414,
+        "lastModified": 1730036420,
-        "narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=",
+        "narHash": "sha256-rv2bz7J6Wo7AenPiu4+ptCB1AFyaMcS77y89zbRAtI8=",
        "owner": "catppuccin",
        "repo": "nix",
-        "rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f",
+        "rev": "0b7bf04628414a402d255924f65e9a0d1a53d92b",
        "type": "github"
      },
      "original": {
@ -59,11 +59,11 @@
    "eza-themes": {
      "flake": false,
      "locked": {
-        "lastModified": 1726839736,
+        "lastModified": 1730050654,
-        "narHash": "sha256-dd9KBb3Upg+x/4ImQwSwKWtDHyfk/29zLkmrVgHVsh0=",
+        "narHash": "sha256-Gs21+A/to2AqjQsqMlWeOuSowYPOuSZ3fK6LRdBPUmI=",
        "owner": "eza-community",
        "repo": "eza-themes",
-        "rev": "302f4783dcd84a8221f1da8223d1ea0885fd26e3",
+        "rev": "74be26bbd2ce76b29c37250a2fb7cb5d6644c964",
        "type": "github"
      },
      "original": {
@ -234,11 +234,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729459288,
+        "lastModified": 1730450782,
-        "narHash": "sha256-gBOVJv+q6Mx8jGvwX7cE6J8+sZmi1uxpRVsO7WxvVuQ=",
+        "narHash": "sha256-0AfApF8aexgB6o34qqLW2cCX4LaWJajBVdU6ddiWZBM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "1e27f213d77fc842603628bcf2df6681d7d08f7e",
+        "rev": "8ca921e5a806b5b6171add542defe7bdac79d189",
        "type": "github"
      },
      "original": {
@ -276,11 +276,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729177642,
+        "lastModified": 1730441026,
-        "narHash": "sha256-DdKal+ZhB9QD/tnEwFg4cZ4j4YnrkvSljBxnyG+3eE0=",
+        "narHash": "sha256-xmZQFGeIm2TzXv4jGaQ3nfBoUbt4gKbIv/SHVWw93ag=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
-        "rev": "bb69165ff372ddbd3228a03513922acd783040e8",
+        "rev": "bd1da5657b8903b293a0ff51eb896a91a544ebed",
        "type": "github"
      },
      "original": {
@ -292,11 +292,11 @@
    "lix": {
      "flake": false,
      "locked": {
-        "lastModified": 1729455191,
+        "lastModified": 1730433081,
-        "narHash": "sha256-8hqmXUj2NH7fqZLFtFer+FfldkTaTmbkghvxM2UNK10=",
+        "narHash": "sha256-1oqkMcFQyAqCvqkjG9K3NaRLyB1qkXXiZoxe4rwM6ag=",
-        "rev": "068f4b147d589f2a219ba917537b53a56089c1ba",
+        "rev": "834450e237b82230934b5d25ed212b5a55938cc5",
        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/068f4b147d589f2a219ba917537b53a56089c1ba.tar.gz?rev=068f4b147d589f2a219ba917537b53a56089c1ba"
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/834450e237b82230934b5d25ed212b5a55938cc5.tar.gz?rev=834450e237b82230934b5d25ed212b5a55938cc5"
      },
      "original": {
        "type": "tarball",
@ -351,11 +351,11 @@
    },
    "nix-flatpak": {
      "locked": {
-        "lastModified": 1729453639,
+        "lastModified": 1730108712,
-        "narHash": "sha256-L19R5CXCfTU9IFs9FAaYhDiteegfhJQMiAHLfls4Pdw=",
+        "narHash": "sha256-vIvmXmjAQIY39hACGFe/cdBK2r3ZprpHLwX2HIy7Mj8=",
        "owner": "gmodena",
        "repo": "nix-flatpak",
-        "rev": "68bc646058386e2ffbd9d78d79d6558e684f6b8c",
+        "rev": "1cba177bb0a948c919af7596e40bef307543d40a",
        "type": "github"
      },
      "original": {
@ -373,11 +373,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1690328911,
+        "lastModified": 1729697500,
-        "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
+        "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
        "owner": "zhaofengli",
        "repo": "nix-github-actions",
-        "rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
+        "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
        "type": "github"
      },
      "original": {
@ -389,11 +389,11 @@
    },
    "nix-impermanence": {
      "locked": {
-        "lastModified": 1729068498,
+        "lastModified": 1730403150,
-        "narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
+        "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "e337457502571b23e449bf42153d7faa10c0a562",
+        "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
        "type": "github"
      },
      "original": {
@ -409,11 +409,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729394935,
+        "lastModified": 1729999765,
-        "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=",
+        "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "04f8a11f247ba00263b060fbcdc95484fd046104",
+        "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f",
        "type": "github"
      },
      "original": {
@ -429,11 +429,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729394935,
+        "lastModified": 1729999765,
-        "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=",
+        "narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "04f8a11f247ba00263b060fbcdc95484fd046104",
+        "rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f",
        "type": "github"
      },
      "original": {
@ -451,11 +451,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729389245,
+        "lastModified": 1730426071,
-        "narHash": "sha256-vkTEnmCpkMn0DzaQDkLLCBUDXe+zhMiCfykdeC/BQjc=",
+        "narHash": "sha256-2BkSiHqyWikpz9HSgTBk5kikaQ5m0Rs60C9KA2kf53o=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "4141afa4cc8f63b7c88788a319efef69459222ee",
+        "rev": "4b371c3d119493051d081ff5b6cff689a97ad1a1",
        "type": "github"
      },
      "original": {
@ -466,11 +466,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1729455275,
+        "lastModified": 1730368399,
-        "narHash": "sha256-THqzn/7um3oMHUEGXyq+1CJQE7EogwR3HjLMNOlhFBE=",
+        "narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "9fcf30fccf8435f6390efec4a4d38e69c2268a36",
+        "rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc",
        "type": "github"
      },
      "original": {
@ -498,11 +498,11 @@
    },
    "nixpkgs-raw": {
      "locked": {
-        "lastModified": 1729181673,
+        "lastModified": 1730327045,
-        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
+        "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
+        "rev": "080166c15633801df010977d9d7474b4a6c549d7",
        "type": "github"
      },
      "original": {
@ -513,11 +513,11 @@
    },
    "nixpkgs-unstable-raw": {
      "locked": {
-        "lastModified": 1729256560,
+        "lastModified": 1730200266,
-        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
+        "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
+        "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
        "type": "github"
      },
      "original": {
@ -528,11 +528,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1729460551,
+        "lastModified": 1730455118,
-        "narHash": "sha256-/+63hDTCMSplnJ/V5dd7y43kRkiRVOCjGsQ+LWg+0jM=",
+        "narHash": "sha256-E5yWeAUKohUot11JBfH7apOyPjqs3z2/fAtUc2LNfHw=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "f0da30b33a995a031ba331faa11b58b22dc69469",
+        "rev": "5bf603459b923edbee4955e9fc94b94662add85c",
        "type": "github"
      },
      "original": {
@ -551,11 +551,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729372184,
+        "lastModified": 1730366788,
-        "narHash": "sha256-Tb2/jJ74pt0nmfprkOW1g5zZphJTNbzLnyDENM+c5+I=",
+        "narHash": "sha256-0Ezvv4KkyFdLAblPBFDgZbiMLlJZtpHruT2i4KC2wIY=",
        "owner": "nix-community",
        "repo": "plasma-manager",
-        "rev": "9390dadadc58ffda8e494b31ef66a4ae041f6dd1",
+        "rev": "f634d5f6ee9be365b2ca08b2d00e0e3b0c240b9e",
        "type": "github"
      },
      "original": {
@ -690,11 +690,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729389220,
+        "lastModified": 1730426202,
-        "narHash": "sha256-vHCkVYWrw03vn48Yihor5PXiSuxDSF1TcyO2kAs1Ehg=",
+        "narHash": "sha256-swwKpE3lrdvcSh6Hjyf/eSe/zPnsZgeVlSl+B4yBpeo=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "f4dd6d6b728a61095b944de1fbc58c5bbdc87320",
+        "rev": "96dcbddd24edc60ad47f41bb2a73e06099eba4af",
        "type": "github"
      },
      "original": {
--- a/roles/server/caddy.nix
+++ b/roles/server/caddy.nix
@ -47,9 +47,16 @@ in {
      };
    };
  };
-  services.dnsmasq.settings.cname = [
+  services.headscale.settings.dns_config.extra_records = let
-    "${manualHostname},everest"
+    makeRecords = builtins.map (recordName: {
-    "${downloadsHostname},everest"
+      name = recordName;
      type = "A";
      value = "100.100.0.1";
    });
  in
    makeRecords [
      manualHostname
      downloadsHostname
    ];
  systemd = {
    services.caddy.after = ["tailscaled.service"];
--- a/roles/server/default.nix
+++ b/roles/server/default.nix
@ -13,7 +13,6 @@
    ./tailscale.nix
    ./headscale.nix
    ./caddy.nix
    ./dns.nix
    ./rust_motd.nix
    ./minecraft.nix
  ];
--- a/roles/server/dns.nix
+++ b/roles/server/dns.nix
@ -1,42 +0,0 @@
 {...}: {
  services.dnsmasq = {
    enable = true;
    # Only using this for tailscale IPs, so better to let tailscale itself deal with it
    resolveLocalQueries = false;
    settings = {
      listen-address = ["100.73.96.48"];
      /*
      Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
      From the little testing I have done it seems to not cause any issues, but better to be safe
      than sorry :P
      */
      dns-loop-detect = true;
      host-record = [
        "winmax2,winmax2.tailscale,100.106.73.20"
        "everest,everest.tailscale,100.73.96.48"
        "archie,archie.tailscale,100.113.139.93"
        "steamdeck,steamdeck.tailscale,100.85.48.85"
        "surfacego,surfacego.tailscale,100.96.92.13"
      ];
      # If this isn't set a cname that targets a host might return the wrong ip
      localise-queries = true;
      ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
      filter-AAAA = true;
      domain = "tailscale";
      domain-needed = true;
    };
  };
  programs.rust-motd.settings.service_status.dnsmasq = "dnsmasq";
  # Dnsmasq conflicts with the resolved dns stub listener
  services.resolved.extraConfig = ''
    [Resolve]
    DNSStubListener=no
  '';
 }
--- a/roles/server/forgejo.nix
+++ b/roles/server/forgejo.nix
@ -44,8 +44,14 @@ in {
    };
  };
-  # Add a cname for forgejo
+  # Add a record for forgejo
-  services.dnsmasq.settings.cname = ["git.everest.tailscale,everest"];
+  services.headscale.settings.dns_config.extra_records = [
    {
      name = "git.everest.tailscale";
      type = "A";
      value = "100.100.0.1";
    }
  ];
  # Set up caddy as the reverse proxy for Forgejo
  services.caddy.virtualHosts.forgejo = {
--- a/roles/server/headscale.nix
+++ b/roles/server/headscale.nix
@ -9,6 +9,7 @@
      dns_config = {
        base_domain = "tailscale";
        nameservers = ["9.9.9.9"];
        override_local_dns = true;
      };
    };
  };
--- a/roles/server/syncthing.nix
+++ b/roles/server/syncthing.nix
@ -39,8 +39,14 @@
    AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
  };
-  # Add a cname for syncthing
+  # Add a record for syncthing
-  services.dnsmasq.settings.cname = ["sync.everest.tailscale,everest"];
+  services.headscale.settings.dns_config.extra_records = [
    {
      name = "sync.everest.tailscale";
      type = "A";
      value = "100.100.0.1";
    }
  ];
  # Set up caddy as the reverse proxy for syncthing
  services.caddy.virtualHosts.syncthing = {
--- a/roles/server/transmission.nix
+++ b/roles/server/transmission.nix
@ -37,8 +37,14 @@ in {
    '';
  };
-  # Add a cname for transmission
+  # Add a record for transmission
-  services.dnsmasq.settings.cname = ["transmission.everest.tailscale,everest"];
+  services.headscale.settings.dns_config.extra_records = [
    {
      name = "transmission.everest.tailscale";
      type = "A";
      value = "100.100.0.1";
    }
  ];
  # Set up caddy as the reverse proxy for transmission
  services.caddy.virtualHosts.transmission = {
Author	SHA1	Message	Date
Toast	34e1dd0bfc	Server/headscale: override local dns For some reason extra dns records don't apply without the override	2024-11-03 01:19:30 +01:00
Toast	0e66939ab1	Server: replace dnsmasq cnames with headscale extra dns records	2024-11-03 01:18:39 +01:00
Toast	c7d2db076b	Server: get rid of dnsmasq I can add custom records to headscale's dns settings, so I don't need dnsmasq anymore. This will also bring back resolved's stub	2024-11-02 18:18:20 +01:00
Toast	52a08be94d	Merge branch 'main' into headscale	2024-11-01 23:24:53 +01:00
Toast	d18e059d1e	Flake: update lock file	2024-11-01 12:27:51 +01:00