From 96ca6c6ea08a9ff6f625f763efbce841b2a06325 Mon Sep 17 00:00:00 2001
From: blake
Date: Tue, 4 Nov 2025 23:43:29 -0600
Subject: [PATCH] hopeing
---
 hosts/nixos/snowbelle/configuration.nix | 1 +
 modules/homelab/default.nix | 1 +
 modules/homelab/dnsmasq/default.nix | 41 +++++++++++++++++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 modules/homelab/dnsmasq/default.nix
diff --git a/hosts/nixos/snowbelle/configuration.nix b/hosts/nixos/snowbelle/configuration.nix
index 607b720..09d2b04 100644
--- a/hosts/nixos/snowbelle/configuration.nix
+++ b/hosts/nixos/snowbelle/configuration.nix
@@ -38,6 +38,7 @@ in
 homelab = {
 enable = true;
 tailscale.enable = true;
+ dnsmasq.enable = true;
 backups.enable = true;
 motd.enable = true;
 postfix.enable = true;
diff --git a/modules/homelab/default.nix b/modules/homelab/default.nix
index a794f40..c24bd61 100644
--- a/modules/homelab/default.nix
+++ b/modules/homelab/default.nix
@@ -42,6 +42,7 @@ in
 # the order determines the order in glance :3
 imports = [
 ./motd
+ ./dnsmasq
 ./backups
 ./glance
 ./postfix
diff --git a/modules/homelab/dnsmasq/default.nix b/modules/homelab/dnsmasq/default.nix
new file mode 100644
index 0000000..f570b37
--- /dev/null
+++ b/modules/homelab/dnsmasq/default.nix
@@ -0,0 +1,41 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}: let
+ service = "dnsmasq";
+ cfg = config.homelab.${service};
+ sec = config.sops.secrets;
+ homelab = config.homelab;
+in {
+ options.homelab.${service} = {
+ enable = lib.mkEnableOption "enables ${service}";
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 53;
+ description = "set port for ${service} (default: ${toString cfg.port}";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # enable the ${service} service
+ services.${service} = {
+ enable = true;
+ settings = {
+ listen-address = "10.10.0.10"; # your LAN IP
+ bind-interfaces = true;
+ address = "/snowbelle.lan/10.10.0.10";
+ server = [ # upstream dns
+ "9.9.9.9"
+ "1.1.1.1"
+ ];
+ };
+ };
+
+ # open firewall
+ networking.firewall.allowedTCPPorts = [ cfg.port ];
+ networking.firewall.allowedUDPPorts = [ cfg.port ];
+
+ };
+}
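Review bot: `cfg.port` is used only in the two `networking.firewall` lines at the end of the `config` block and is never passed to dnsmasq through `services.${service}.settings`, so a non-default value opens a firewall port with no listener behind it while dnsmasq still listens on 53. Adding `port = cfg.port;` to `settings` keeps the listener and the firewall rule in step. The firewall lines also open the port on every interface although the resolver is bound to `10.10.0.10` with `bind-interfaces`; scoping them as `networking.firewall.interfaces.<lan-iface>.allowedUDPPorts = [ cfg.port ];` plus the TCP equivalent (the interface name is a placeholder) keeps DNS from being exposed on other interfaces if the listen address is later widened. The option description interpolates `cfg.port`, which is the configured value rather than the default, and is missing its closing parenthesis; `description = "port ${service} listens on";` is enough, since `default = 53` is already shown in the option docs.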