Resolve tinc hosts with subdomains too

2024-08-16 14:13:30 +02:00 · 2024-08-16 14:13:30 +02:00 · f0807443fd
parent b1db7229cd
commit f0807443fd
2 changed files with 18 additions and 5 deletions
--- a/modules/my-tinc/hosts.nix
+++ b/modules/my-tinc/hosts.nix
@ -23,10 +23,13 @@ in
      hosts;

    # Add all of them to host
-    networking.extraHosts = lib.strings.concatStringsSep
-      "\n"
-      (lib.attrsets.mapAttrsToList
-        (name: host: "${host.subnetAddr} ${name}.tinc")
-        hosts);
+    nki.services.edns = {
+      enable = true;
+      cloaking-rules =
+        (lib.attrsets.mapAttrs'
+          (name: host: { name = "${name}.tinc"; value = host.subnetAddr; })
+          hosts)
+      ;
+    };
  };
 }
--- a/modules/services/edns/default.nix
+++ b/modules/services/edns/default.nix
@ -8,6 +8,11 @@ in
  options.nki.services.edns = {
    enable = mkEnableOption "Enable encrypted DNS";
    ipv6 = mkEnableOption "Enable ipv6";
+    cloaking-rules = mkOption {
+      type = types.attrsOf types.str;
+      default = { };
+      description = "A set of domain -> ip mapping for cloaking_rules";
+    };
  };

  config = mkIf cfg.enable {
@ -42,6 +47,11 @@ in
          { server_name = "*"; via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; }
        ];
        anonymized_dns.skip_incompatible = true;
+
+        # Cloaking rules
+        cloaking_rules = pkgs.writeText "cloaking_rules.txt" (lib.strings.concatStringsSep
+          "\n"
+          (lib.attrsets.mapAttrsToList (name: ip: "${name} ${ip}") cfg.cloaking-rules));
      };
    };
  };