From 09f57a1e6f3f2978b9c95e56e59c050d5c6d2b52 Mon Sep 17 00:00:00 2001
From: Romain Paquet
Date: Mon, 24 Nov 2025 17:11:04 +0100
Subject: [PATCH] clan: migrate internal DNS to coredns service

Currently using a patched version of the upstream coredns service, with hard-coded IPs until wireguard exports are supported. Zerotier connections were flaky and wireguard seems more stable (although it seems to have a bit less throughput).
---
 clan/network.nix | 31 ++++++++++++++++++++++++++++++
 machines/crocus/configuration.nix | 2 --
 machines/genepi/configuration.nix | 2 --
 machines/verbena/configuration.nix | 2 --
 4 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/clan/network.nix b/clan/network.nix
index e9e1cc8..1891745 100644
--- clan/network.nix
+++ clan/network.nix
@@ -32,4 +32,35 @@
 genepi = { };
 };
 };
+
+ # Temporarily patched version of clan-core/coredns for AAAA records support
+ clan.inventory.instances.coredns = {
+ module.name = "@rpqt/coredns";
+ module.input = "self";
+
+ roles.default.tags.all = { };
+ roles.server.machines.verbena = {
+ settings.ip = "fd28:387a:90:c400::1";
+ };
+ roles.server.machines.crocus = {
+ settings.ip = "fd28:387a:90:c400:6db2:dfc3:c376:9956";
+ };
+ roles.server.settings = {
+ tld = "home.rpqt.fr";
+ };
+
+ roles.default.machines.genepi.settings = {
+ ip = "fd28:387a:90:c400:ab23:3d38:a148:f539"; # FIXME: IPv4 expected (A record)
+ services = [
+ "actual"
+ "assistant"
+ "glance"
+ "grafana"
+ "images"
+ "lounge"
+ "pinchflat"
+ "rss"
+ ];
+ };
+ };
 }
diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix
index 73b83d4..2e2772d 100644
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -7,8 +7,6 @@
 ./radicle.nix
 self.nixosModules.nix-defaults
 ../../modules/remote-builder.nix
- ../../modules/unbound.nix
- ../../modules/unbound-auth.nix
 self.inputs.srvos.nixosModules.server
 self.inputs.srvos.nixosModules.hardware-hetzner-cloud
 ];
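Review bot: In `clan/network.nix`, `roles.default.machines.genepi.settings.ip` is set to an IPv6 ULA while its own FIXME says an IPv4 address is expected for the A record, and `roles.default.tags.all = { };` enrols every machine as a client in the same change, so whether the eight listed service names resolve depends entirely on how the patched `@rpqt/coredns` module (not in this diff) renders that value. I would land the AAAA handling first, or replace the FIXME with a comment stating the actual behaviour, e.g. `# IPv6-only: module emits AAAA, no A record is published`. The three `fd28:387a:90:c400:…` literals duplicate the wireguard addressing and will silently go stale if a peer is re-addressed; a one-line comment naming the wireguard instance they come from would make that checkable. Because the crocus section further down shows it importing `hardware-hetzner-cloud`, it is presumably internet-facing, so it is worth confirming in the module that the server listens only on the `settings.ip` address and that port 53 is not opened on public interfaces.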
diff --git a/machines/genepi/configuration.nix b/machines/genepi/configuration.nix
index 7bf8be3..5321f9d 100644
--- a/machines/genepi/configuration.nix
+++ b/machines/genepi/configuration.nix
@@ -20,8 +20,6 @@
 ../../modules/acme-home.nix
 ../../modules/lounge.nix
- ../../modules/unbound.nix
- ../../modules/unbound-auth.nix
 self.nixosModules.nix-defaults
 self.nixosModules.user-rpqt
diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix
index 1318135..ce0aa9b 100644
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -2,8 +2,6 @@
 {
 imports = [
 self.nixosModules.nix-defaults
- ../../modules/unbound.nix
- ../../modules/unbound-auth.nix
 self.nixosModules.nextcloud
 self.nixosModules.gitea