diff --git a/hosts/raptus/container-root.nix b/hosts/raptus/container-root.nix
index e3c6a85..2c29a43 100644
--- a/hosts/raptus/container-root.nix
+++ b/hosts/raptus/container-root.nix
@@ -6,10 +6,6 @@
 enable = true;
 autoPrune.enable = true;
 dockerCompat = true;
- defaultNetwork.settings = {
- # Required for container networking to be able to use names.
- dns_enabled = true;
- };
 };
 virtualisation.oci-containers.backend = "podman";
diff --git a/hosts/raptus/headscale.nix b/hosts/raptus/headscale.nix
index ad05686..f95b2ea 100644
--- a/hosts/raptus/headscale.nix
+++ b/hosts/raptus/headscale.nix
@@ -42,6 +42,14 @@ mkIf config.services.headscale.enable {
 };
 logtail.enabled = false;
+
+ dns_config = {
+ override_local_dns = true;
+ magic_dns = true;
+ nameservers = [
+ "100.64.0.4"
+ ];
+ };
 };
 };
diff --git a/hosts/shan/adguard.nix b/hosts/shan/adguard.nix
index f977e5d..907e69d 100644
--- a/hosts/shan/adguard.nix
+++ b/hosts/shan/adguard.nix
@@ -1,16 +1,23 @@
 {
 config,
+ lib,
 ...
 }:
+let
+ inherit (lib) mkIf;
+ cfg = config.services.adguardhome;
+in
 {
 config = {
+ networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ cfg.settings.dns.port ];
+
 services.adguardhome = {
 enable = true;
- port = 3001;
+ port = 3000;
 openFirewall = true;
 settings = {
 http = {
- address = "0.0.0.0:3000";
+ address = "0.0.0.0:${toString cfg.port}";
 };
 auth_attempts = 5;
 block_auth_min = 10;
@@ -19,11 +26,15 @@
 port = 53;
 upstream_mode = "load_balance";
 upstream_dns_file = config.age.secrets.adguard-dns-list.path;
+ fallback_dns = [ "9.9.9.9" ];
 };
 clients = {
 persistent = [
 {
- ids = [
+ ids = [
+ "100.64.0.1"
+ "192.168.178.20"
+ ];
 name = "brontes";
 tags = [ "device_pc" ];
 }
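Review bot: In hosts/raptus/headscale.nix the new `dns_config` combines `override_local_dns = true` with a single `nameservers` entry, so every tailnet client depends on 100.64.0.4 for all name resolution and loses DNS whenever that node is down or unreachable. The address is a bare literal with nothing saying which host it is; presumably it is the AdGuard Home instance configured on shan, but the diff does not show that. I would add a comment on the entry such as `# AdGuard Home on <host>; tailnet address assigned by headscale, keep in sync`. A second resolver would remove the single point of failure, but it would also let clients bypass filtering, so that trade-off is worth stating in the comment too.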
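Review bot: The added `networking.firewall.allowedUDPPorts` line in hosts/shan/adguard.nix opens the DNS port on every interface, so if shan has a publicly reachable address AdGuard Home becomes an open resolver that can be abused for amplification. Scoping the rule to the interfaces clients actually use, e.g. `networking.firewall.interfaces."<tailnet-interface>".allowedUDPPorts = [ cfg.settings.dns.port ];` (and the LAN interface if needed), keeps the exposure to the intended networks. Only UDP is opened, so answers that are truncated and retried over TCP will be dropped unless the same port is added to the TCP list. The rule is also gated on `openFirewall`, which the NixOS module documents as covering the web interface only, so one flag now exposes both the admin UI bound to `0.0.0.0` and the resolver; a short comment saying that is intended would help.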
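Review bot: `fallback_dns = [ "9.9.9.9" ];` in the second hunk of hosts/shan/adguard.nix is a plain-DNS upstream, so whenever the servers from `upstream_dns_file` fail, queries leave the host unencrypted. If that age-encrypted list holds DoH or DoT endpoints (its contents are not visible here), the fallback silently downgrades them. An encrypted form such as `fallback_dns = [ "https://dns.quad9.net/dns-query" ];` keeps the same provider without the downgrade. A one-line comment stating why a fallback outside the secret list is wanted would also make the intent clear.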