apu local dhcp lease dns and invidious

modules/services/dhcp-dns-sync/default.nix

@@ -6,6 +6,11 @@
 }:
 let
   cfg = config.modules.services.dhcp-dns-sync;
+  ownAddress = (
+    lib.elemAt (lib.splitString "/"
+      config.systemd.network.networks."30-${cfg.interface}".networkConfig.Address
+    ) 0
+  );
 
   dhcp-leases-to-unbound =
     pkgs.runCommand "dhcp-leases-to-unbound"
@@ -59,9 +64,10 @@ in
     users.groups.dhcp-dns-sync = { };
 
     # Ensure directories and files exist with proper permissions
+    # Directory needs to be group-writable for unbound group
     systemd.tmpfiles.rules = [
-      "d /var/lib/unbound 0755 unbound unbound -"
-      "f ${cfg.unboundConfigPath} 0644 dhcp-dns-sync dhcp-dns-sync -"
+      "d /var/lib/unbound 0775 unbound unbound -"
+      "f ${cfg.unboundConfigPath} 0644 dhcp-dns-sync unbound -"
     ];
 
     # Extend Unbound configuration to include generated file
@@ -69,6 +75,8 @@ in
       server = {
         local-zone = [ "${cfg.domain}. static" ];
         include = cfg.unboundConfigPath;
+        local-data = [ ''"apu.home.arpa. IN A ${ownAddress}"'' ];
+        local-data-ptr = [ ''"${ownAddress} apu.home.arpa."'' ];
       };
     };
 
@@ -88,7 +96,7 @@ in
       serviceConfig = {
         Type = "oneshot";
         User = "dhcp-dns-sync";
-        Group = "dhcp-dns-sync";
+        Group = "unbound";
         # Allow access to networkctl via D-Bus
         SupplementaryGroups = [ "systemd-network" ];
         # Read/write paths

modules/services/dhcp-dns-sync/dhcp-leases-to-unbound.cr

@@ -58,13 +58,6 @@ def sanitize_hostname(hostname : String) : String?
   sanitized
 end
 
-def reverse_ptr(ip : String) : String?
-  parts = ip.split('.')
-  return nil unless parts.size == 4
-
-  "#{parts[3]}.#{parts[2]}.#{parts[1]}.#{parts[0]}.in-addr.arpa."
-end
-
 def generate_unbound_config(leases : Array(Lease), domain : String) : String
   lines = [] of String
 
@@ -82,22 +75,29 @@ def generate_unbound_config(leases : Array(Lease), domain : String) : String
     # A record
     lines << %{local-data: "#{fqdn} IN A #{lease.address}"}
 
-    # PTR record
-    if ptr = reverse_ptr(lease.address)
-      lines << %{local-data-ptr: "#{ptr} #{fqdn}"}
-    end
+    # PTR record - local-data-ptr expects IP in normal form, unbound reverses it
+    lines << %{local-data-ptr: "#{lease.address} #{fqdn}"}
   end
 
   lines.join("\n") + "\n"
 end
 
 def get_leases(interface : String, networkctl_path : String? = nil) : Array(Lease)
-  cmd = networkctl_path ? "#{networkctl_path} status #{interface} --json=short" : "networkctl status #{interface} --json=short"
-  output = `#{cmd}`
-  raise "networkctl failed (exit code #{$?.exit_status}): #{output}" unless $?.success?
+  cmd = networkctl_path ? "#{networkctl_path}" : "networkctl"
+  args = ["status", interface, "--json=short"]
 
-  status = NetworkStatus.from_json(output)
-  status.dhcp_server.try(&.leases) || [] of Lease
+  Process.run(cmd, args, output: Process::Redirect::Pipe, error: Process::Redirect::Pipe) do |process|
+    result = process.wait
+    output = process.output.to_s
+
+    unless result.success?
+      error = process.error.to_s
+      raise "networkctl failed (exit code #{result.exit_code}): #{error.empty? ? output : error}"
+    end
+
+    status = NetworkStatus.from_json(output)
+    status.dhcp_server.try(&.leases) || [] of Lease
+  end
 end
 
 def write_if_changed(content : String, path : String) : Bool
@@ -151,13 +151,18 @@ OptionParser.parse do |parser|
 end
 
 def reload_unbound(unbound_control_path : String?)
-  cmd = unbound_control_path ? "#{unbound_control_path} reload" : "unbound-control reload"
+  cmd = unbound_control_path ? "#{unbound_control_path}" : "unbound-control"
   puts "Reloading Unbound..."
-  result = system(cmd)
-  unless result
-    # Fallback to systemctl
-    system("systemctl reload unbound")
+
+  Process.run(cmd, ["reload"], output: Process::Redirect::Pipe, error: Process::Redirect::Pipe) do |process|
+    result = process.wait
+
+    unless result.success?
+      raise "unbound reload failed (exit code #{result.exit_code}): #{process.error}"
+    end
   end
+
+  puts "Unbound reloaded successfully."
 end
 
 begin