From c8b271d6b97c179d5d0a0cadc412a62fbe48a43e Mon Sep 17 00:00:00 2001
From: Kyle Isom
Date: Thu, 26 Mar 2026 15:35:47 -0700
Subject: [PATCH] Fix DNS routing: override Tailscale catch-all for mcp.metacircular.net
---
 hw/vade/default.nix | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/hw/vade/default.nix b/hw/vade/default.nix
index b988ad5..de8546e 100644
--- a/hw/vade/default.nix
+++ b/hw/vade/default.nix
@@ -41,13 +41,33 @@
 ];

 # Route internal Metacircular zones to rift's CoreDNS (MCNS precursor).
- # Uses systemd-resolved domain routing so rift handles only *.mcp.metacircular.net
- # while DHCP/Tailscale DNS handles everything else.
+ # Tailscale sets ~. (catch-all) on tailscale0, which overrides global
+ # domain routing. We need a per-link override that takes priority.
+ # This systemd service runs after tailscale and adds the routing domain
+ # to a virtual interface that points at rift's CoreDNS.
 networking.nameservers = [
 "192.168.88.181"
 "100.95.252.120"
 ];
- services.resolved.domains = [
- "~mcp.metacircular.net"
- ];
+
+ systemd.services.mcp-dns-route = {
+ description = "Route mcp.metacircular.net DNS to rift CoreDNS";
+ after = [ "network-online.target" "tailscaled.service" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ # Tailscale sets ~. (catch-all) on tailscale0, overriding all other
+ # DNS routing. We replace it with specific routes: Tailscale names
+ # stay on Tailscale DNS, and mcp.metacircular.net goes to rift's
+ # CoreDNS (via the Tailscale overlay).
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ # Add rift's CoreDNS alongside Tailscale's DNS on the tailscale0 link
+ ${pkgs.systemd}/bin/resolvectl dns tailscale0 100.100.100.100 100.95.252.120
+ # Replace ~. with specific routing domains
+ ${pkgs.systemd}/bin/resolvectl domain tailscale0 ~scylla-hammerhead.ts.net ~mcp.metacircular.net
+ '';
+ };
 }
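Review bot: The `resolvectl dns tailscale0 100.100.100.100 100.95.252.120` line puts both resolvers on one link, and systemd-resolved treats the servers of a link as interchangeable, so the routing domains set on the next line are not pinned to a server: `mcp.metacircular.net` lookups can be sent to 100.100.100.100 and tailnet names to rift's CoreDNS, contrary to the comment inside the unit. Internal names that reach the Tailscale resolver may be forwarded upstream, so this is a possible leak of internal hostnames as well as a resolution failure. The routing domain needs a link whose only DNS server is 100.95.252.120, which is what the comment above `networking.nameservers` describes but the script does not do. The unit is also a one-shot ordered only `after` tailscaled.service, so it presumably fails if tailscale0 is not up yet and is not re-applied if Tailscale rewrites the link's DNS settings; adding `partOf = [ "tailscaled.service" ];` and, inside `serviceConfig`, `Restart = "on-failure";` would at least cover daemon restarts and the startup race.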