fix: dns in podman containers

modules/nixos/containers/media-stack/default.nix

@@ -28,7 +28,6 @@ let
     "0.0.0.0:7000:7000"
     "0.0.0.0:7000:7000/udp"
   ];
-  pod-dns = "10.10.10.1";
 in
 {
   imports = [
@@ -67,7 +66,6 @@ in
 
     virtualisation.quadlet.pods.media-stack = {
       podConfig = {
-        dns = [ pod-dns ];
         networks = [ networks.br-services.ref ];
         publishPorts = open-ports;
       };

modules/nixos/virtualisation/virtualisation.nix

@@ -6,7 +6,12 @@
   ...
 }:
 let
-  inherit (lib) mkEnableOption mkIf optionals;
+  inherit (lib)
+    mapAttrs
+    mkEnableOption
+    mkIf
+    optionals
+    ;
   cfg = config.ataraxia.virtualisation;
 
   defaultUser = config.ataraxia.defaults.users.defaultUser;
@@ -75,14 +80,13 @@ in
       spiceUSBRedirection.enable = cfg.libvirt;
 
       quadlet = {
-        enable = true;
+        enable = cfg.podman;
         autoEscape = true;
         autoUpdate.enable = false;
         networks = {
           br-services.networkConfig = {
-            # TODO: enable dns, fix dns resolution
-            # dns = [ "10.10.10.1" ];
-            disableDns = true;
+            disableDns = false;
+            dns = [ "10.10.10.1" ];
             driver = "bridge";
             ipamDriver = "host-local";
             ipv6 = false;
@@ -110,7 +114,22 @@ in
       ];
     };
 
-    networking.firewall.trustedInterfaces = mkIf cfg.libvirt [ "virbr0" ];
+    networking.firewall = {
+      trustedInterfaces = mkIf cfg.libvirt [ "virbr0" ];
+      interfaces =
+        {
+          "podman*".allowedUDPPorts = mkIf cfg.podman [
+            53
+            5353
+          ];
+        }
+        // mapAttrs (_: _: {
+          allowedUDPPorts = [
+            53
+            5353
+          ];
+        }) config.virtualisation.quadlet.networks;
+    };
 
     security.unprivilegedUsernsClone = true;