nix/shared/commons/resolver.nix

{ config, ... }:

let
    # Import nodes
    nodes = import ./../../nodes.nix;

    # Import mapping
    mapping = import ./../../mapping.nix;
in
{
    services.resolved.enable = false;
    networking.resolvconf.enable = false;

    networking.domain = "lf";

    environment.etc."resolv.conf".text = ''
        # Do not edit, will be overwritten by Nixos
        domain ${config.networking.domain}
        search ${config.networking.domain}
        ${builtins.concatStringsSep "\n" (map (ip: "nameserver ${ip}") config.services.dnsmasq.settings.listen-address)}
        options edns0 trust-ad
    '';

    services.dnsmasq = {
        enable = true;
        settings = {
            bind-interfaces = true;
            listen-address = [
                "::1"
                "127.0.0.1"
            ];
            local = [
                "/${config.networking.domain}/"
            ];
            server = [
                "1.1.1.1"
                "8.8.8.8"
                "9.9.9.9"
            ] ++ map (hostName: "/lf/172.19.${toString nodes.${hostName}.zone}.${toString nodes.${hostName}.id}") mapping.dns.hosts
            ++ map (hostName: "/lf/fc00::${toString nodes.${hostName}.zone}:${toString nodes.${hostName}.id}") mapping.dns.hosts;
            no-resolv = true;
            # Resolvconf can auto-generated /etc/dnsmasq-{conf,resolv}.conf
            # By default dnsmasq import them
            # We've disable resolvconf, but just to be on the safe side
            resolv-file = false;
            conf-file = false;
            log-queries = false;
        };
    };
}