From 0e6147c5ecef17f365ec00f52973b5c01cfcb5d0 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 17 Mar 2026 21:37:12 +0100 Subject: [PATCH 1/7] srv-core, vps-ns: Temporarily disable blocking-nameservers --- hosts/srv-core/configuration.nix | 4 ---- hosts/vps-ns/configuration.nix | 6 +----- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/hosts/srv-core/configuration.nix b/hosts/srv-core/configuration.nix index e912bac..3efc798 100644 --- a/hosts/srv-core/configuration.nix +++ b/hosts/srv-core/configuration.nix @@ -17,10 +17,6 @@ }; services = { - blocking-nameserver = { - enable = true; - gui.domain = "adguard.${config.custom.networking.overlay.fqdn}"; - }; recursive-nameserver.enable = true; private-nameserver.enable = true; diff --git a/hosts/vps-ns/configuration.nix b/hosts/vps-ns/configuration.nix index d19b173..701eb12 100644 --- a/hosts/vps-ns/configuration.nix +++ b/hosts/vps-ns/configuration.nix @@ -1,4 +1,4 @@ -{ config, self, ... }: +{ self, ... }: { imports = [ self.nixosModules.server-profile ]; @@ -21,10 +21,6 @@ }; services = { - blocking-nameserver = { - enable = true; - gui.domain = "adguard.${config.custom.networking.overlay.fqdn}"; - }; recursive-nameserver.enable = true; private-nameserver.enable = true; public-nameserver = { From 7e922ee312e329f63f35a2b91317414a5f8a168f Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 17 Mar 2026 21:50:49 +0100 Subject: [PATCH 2/7] Revert "srv-core, vps-ns: Temporarily disable blocking-nameservers" This reverts commit 0e6147c5ecef17f365ec00f52973b5c01cfcb5d0. --- hosts/srv-core/configuration.nix | 4 ++++ hosts/vps-ns/configuration.nix | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/hosts/srv-core/configuration.nix b/hosts/srv-core/configuration.nix index 3efc798..e912bac 100644 --- a/hosts/srv-core/configuration.nix +++ b/hosts/srv-core/configuration.nix @@ -17,6 +17,10 @@ }; services = { + blocking-nameserver = { + enable = true; + gui.domain = "adguard.${config.custom.networking.overlay.fqdn}"; + }; recursive-nameserver.enable = true; private-nameserver.enable = true; diff --git a/hosts/vps-ns/configuration.nix b/hosts/vps-ns/configuration.nix index 701eb12..d19b173 100644 --- a/hosts/vps-ns/configuration.nix +++ b/hosts/vps-ns/configuration.nix @@ -1,4 +1,4 @@ -{ self, ... }: +{ config, self, ... }: { imports = [ self.nixosModules.server-profile ]; @@ -21,6 +21,10 @@ }; services = { + blocking-nameserver = { + enable = true; + gui.domain = "adguard.${config.custom.networking.overlay.fqdn}"; + }; recursive-nameserver.enable = true; private-nameserver.enable = true; public-nameserver = { From e6de0eab052e79d39d404a0a89ac4bd8991f6bd5 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 17 Mar 2026 21:52:35 +0100 Subject: [PATCH 3/7] networking/overlay: Use non-blocking-nameservers on servers --- modules/nixos/networking/overlay.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/nixos/networking/overlay.nix b/modules/nixos/networking/overlay.nix index d2166a6..1ed8f7d 100644 --- a/modules/nixos/networking/overlay.nix +++ b/modules/nixos/networking/overlay.nix @@ -78,7 +78,12 @@ in dnsServers = lib.mkOption { type = lib.types.listOf lib.types.nonEmptyStr; - default = if (blocking-nameservers != [ ]) then blocking-nameservers else recursive-nameservers; + default = + { + "client" = blocking-nameservers; + "server" = recursive-nameservers; + } + .${cfg.role}; }; implementation = lib.mkOption { From 0a8944823b718e30f42e2183136cbf2c6d5be9c5 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 17 Mar 2026 21:59:39 +0100 Subject: [PATCH 4/7] networking/overlay: Fallback to non-blocking-nameservers on clients --- modules/nixos/networking/overlay.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/networking/overlay.nix b/modules/nixos/networking/overlay.nix index 1ed8f7d..3a18caa 100644 --- a/modules/nixos/networking/overlay.nix +++ b/modules/nixos/networking/overlay.nix @@ -80,7 +80,7 @@ in type = lib.types.listOf lib.types.nonEmptyStr; default = { - "client" = blocking-nameservers; + "client" = if (blocking-nameservers != [ ]) then blocking-nameservers else recursive-nameservers; "server" = recursive-nameservers; } .${cfg.role}; From 16944ec493ffec4991bd1d4845f96ac6ae79c40e Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 17 Mar 2026 22:00:00 +0100 Subject: [PATCH 5/7] glance: Add dns widgets --- modules/nixos/web-services/glance.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/nixos/web-services/glance.nix b/modules/nixos/web-services/glance.nix index 6442030..eb4754d 100644 --- a/modules/nixos/web-services/glance.nix +++ b/modules/nixos/web-services/glance.nix @@ -92,6 +92,17 @@ let ''; }; + + dnsWidgets = + allHosts + |> lib.attrValues + |> lib.filter (host: host.config.custom.services.blocking-nameserver.enable) + |> lib.map (host: { + type = "dns-stats"; + title = host.config.networking.hostName; + service = "adguard"; + url = "https://${host.config.custom.services.blocking-nameserver.gui.domain}/"; + }); in { options.custom.web-services.glance = { @@ -132,7 +143,7 @@ in } { size = "small"; - widgets = [ githubBadgeWidget ]; + widgets = [ githubBadgeWidget ] ++ dnsWidgets; } ]; }; From 49fc98403968a65a47408a950912881080505ab0 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 17 Mar 2026 22:05:27 +0100 Subject: [PATCH 6/7] Revert "glance: Increase monitor timeout" This reverts commit 2f11b4eec2b472ac8d4ba43f899980101434fc5f. --- modules/nixos/web-services/glance.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/modules/nixos/web-services/glance.nix b/modules/nixos/web-services/glance.nix index eb4754d..ae45524 100644 --- a/modules/nixos/web-services/glance.nix +++ b/modules/nixos/web-services/glance.nix @@ -8,6 +8,9 @@ let cfg = config.custom.web-services.glance; + perHostDomains = + perHostSitesWidget.widgets |> lib.concatMap (widget: widget.sites) |> lib.map (site: site.domain); + perHostSitesWidget = allHosts |> lib.attrValues @@ -18,8 +21,7 @@ let sites = host.config.custom.meta.sites |> lib.attrValues - |> lib.filter (site: site.domain |> lib.hasSuffix host.config.custom.networking.overlay.fqdn) - |> lib.map (site: site // { timeout = "5s"; }); + |> lib.filter (site: site.domain |> lib.hasSuffix host.config.custom.networking.overlay.fqdn); }) |> lib.filter ({ sites, ... }: sites != [ ]) |> (widgets: { @@ -28,24 +30,21 @@ let inherit widgets; }); - perHostDomains = - perHostSitesWidget.widgets |> lib.concatMap (widget: widget.sites) |> lib.map (site: site.domain); - applicationSitesWidget = allHosts |> lib.attrValues |> lib.concatMap (host: host.config.custom.meta.sites |> lib.attrValues) - |> lib.filter (site: !lib.elem site.domain perHostDomains) + |> lib.filter (service: !lib.elem service.domain perHostDomains) |> lib.groupBy ( - site: - site.domain |> self.lib.isPrivateDomain |> (isPrivate: if isPrivate then "Private" else "Public") + service: + service.domain |> self.lib.isPrivateDomain |> (isPrivate: if isPrivate then "Private" else "Public") ) |> lib.mapAttrsToList ( name: value: { type = "monitor"; cache = "1m"; title = "${name} Services"; - sites = value |> lib.map (site: site // { timeout = "5s"; }); + sites = value; } ) |> (widgets: { From 286388294db4eb815d52898f913c8ec6587c5105 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Tue, 17 Mar 2026 22:10:49 +0100 Subject: [PATCH 7/7] glance: Re-enable search auto focus --- modules/nixos/web-services/glance.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/nixos/web-services/glance.nix b/modules/nixos/web-services/glance.nix index ae45524..02ef141 100644 --- a/modules/nixos/web-services/glance.nix +++ b/modules/nixos/web-services/glance.nix @@ -34,10 +34,10 @@ let allHosts |> lib.attrValues |> lib.concatMap (host: host.config.custom.meta.sites |> lib.attrValues) - |> lib.filter (service: !lib.elem service.domain perHostDomains) + |> lib.filter (site: !lib.elem site.domain perHostDomains) |> lib.groupBy ( - service: - service.domain |> self.lib.isPrivateDomain |> (isPrivate: if isPrivate then "Private" else "Public") + site: + site.domain |> self.lib.isPrivateDomain |> (isPrivate: if isPrivate then "Private" else "Public") ) |> lib.mapAttrsToList ( name: value: { @@ -134,7 +134,7 @@ in { type = "search"; search-engine = "https://search.splitleaf.de/search?q={QUERY}"; - autofocus = false; + autofocus = true; } applicationSitesWidget perHostSitesWidget