nixos-config/hosts/clunk.nix

{ lib, config, pkgs, ... }:

let
  hostname = "clunk";
  host-internal-ip = "10.0.0.1";
  inherit (lib.strings) concatStringsSep;

in {

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  hardware.bluetooth.enable = false;

  imports = [
    ../defaults.nix
    ../hardware-configuration.nix
  ];

  fudo.common = {
    profile = "server";
    site = "russell";
  };

  # fudo.local-network = {
  #   enable = true;
  #   dns-servers = [ host-internal-ip ];
  #   gateway = host-internal-ip;
  #   dhcp-interfaces = [ "intif0" ];
  #   dns-serve-ips = [ host-internal-ip "127.0.0.1" "127.0.1.1" ];
  #   # Using a pihole running in docker, see below
  #   recursive-resolver = "${host-internal-ip} port 5353";
  #   # recursive-resolver = "1.1.1.1";
  #   server-ip = host-internal-ip;
  # };

  networking = {
    hostName = hostname;

    nameservers = [ host-internal-ip ];

    # Create a bridge for VMs to use
    macvlans = {
      intif0 = {
        interface = "enp2s0";
        mode = "bridge";
      };
    };

    interfaces = {
      enp2s0.useDHCP = false;
      enp3s0.useDHCP = false;
      enp4s0.useDHCP = false;

      enp1s0.useDHCP = true;

      intif0 = {
        useDHCP = false;
      	# Result of:
        # echo clunk-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
        macAddress = "02:44:d1:eb:c3:6b";
        ipv4.addresses = [
          {
            address = host-internal-ip;
            prefixLength = 22;
          }
        ];
      };
    };

    nat = {
      enable = true;
      externalInterface = "enp1s0";
      internalInterfaces = ["intif0"];
    };
  };

  fudo = {
    secure-dns-proxy = {
      enable = true;
      port = 3535;
      upstream-dns = [
        "https://cloudflare-dns.com/dns-query"
      ];
      bootstrap-dns = "1.1.1.1";
    };
  };

  environment.systemPackages = with pkgs; [
    dnsproxy
  ];

  virtualisation = {
    docker = {
      enable = true;
      autoPrune.enable = true;
      enableOnBoot = true;
    };
  };

  docker-containers = {
    pihole = {
      image = "pihole/pihole:4.3.2-1";
      ports = [
        "5353:53/tcp"
        "5353:53/udp"
        "3080:80/tcp"
      ];
      environment = {
        ServerIP = host-internal-ip;
        VIRTUAL_HOST = "dns-hole.sea.fudo.org";
        DNS1 = "1.1.1.1";
        DNS2 = "8.8.8.8";
      };
      volumes = [
        "/srv/pihole/etc-pihole/:/etc/pihole/"
        "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
      ];
      # TODO: DNS-over-HTTPS via cloudflared
      # extraDockerOptions = [
      #   "--dns=1.1.1.1"
      # ];
    };
  };
}