From b4bcfd90a9ad33e29049f0427bd39ab31e2eb1f5 Mon Sep 17 00:00:00 2001
From: Nico <nico@astolfo.org>
Date: Thu, 19 Feb 2026 20:00:01 +1100
Subject: [PATCH] coredns: init

---
 flake.nix                                  |  1 +
 modules/services/{ => dns}/adguardhome.nix |  0
 modules/services/dns/coredns.nix           | 25 ++++++++++++++++++++++
 3 files changed, 26 insertions(+)
 rename modules/services/{ => dns}/adguardhome.nix (100%)
 create mode 100644 modules/services/dns/coredns.nix

diff --git a/flake.nix b/flake.nix
index 21e7f5a..b39335f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -63,6 +63,7 @@
 
         ./modules/network/avahi.nix
         ./modules/services/ssh.nix
+        ./modules/services/dns/coredns.nix
         ./modules/network/vpn/tailscale.nix
 
         ./modules/nix/linux.nix
diff --git a/modules/services/adguardhome.nix b/modules/services/dns/adguardhome.nix
similarity index 100%
rename from modules/services/adguardhome.nix
rename to modules/services/dns/adguardhome.nix
diff --git a/modules/services/dns/coredns.nix b/modules/services/dns/coredns.nix
new file mode 100644
index 0000000..7382617
--- /dev/null
+++ b/modules/services/dns/coredns.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+
+{
+  services.coredns = {
+    enable = true;
+    config = ''
+      .:53 {
+        hosts {
+          100.100.144.4 seika.astolfo.org
+          fallthrough
+        }
+
+        # rewrite the CNAME to itself so hosts rule apply
+        rewrite cname exact seika.astolfo.org. seika.astolfo.org.
+
+        forward . 1.1.1.1
+        log
+        errors
+      }
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+}