From a7afbda1091c85eb012aa6495f13b91bf632db9f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:24:12 +1100 Subject: [PATCH] containers/citrine: refactor networking and use proper nameservers --- containers/citrine/flake.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 5f6c381..1a2573e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -5,19 +5,25 @@ }; outputs = { nixpkgs, catppuccin, ... }: let + name = "citrine"; + subnetId = "3"; + subnet = x: "fd0d:1::${subnetId}:${x}"; + host = subnet 1; + client = subnet 2; + modules = [ ./configuration.nix catppuccin.nixosModules.catppuccin + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } ]; in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; }; - nixosModule = { ... }: - let - name = "citrine"; - subnet = "3"; - in { + nixosModule = { ... }: { networking.nat = { enable = true; enableIPv6 = true; @@ -27,15 +33,15 @@ services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:3000"; + locations."/".proxyPass = "http://[${client}]:3000"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress6 = "fd0d:1::${subnet}:1"; - localAddress6 = "fd0d:1::${subnet}:2"; + hostAddress6 = host; + localAddress6 = client; # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true;
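Review bot: `host = subnet 1;` and `client = subnet 2;` pass integers into `subnet`, whose body interpolates `${x}` into a string, and Nix does not coerce integers in string interpolation. Evaluation should therefore stop with a "cannot coerce an integer to a string" error as soon as `networking.nameservers`, or the `proxyPass`, `hostAddress6` and `localAddress6` lines in the next hunk, force either value. Quote the arguments, `host = subnet "1";` and `client = subnet "2";`, or convert inside the helper with `subnet = x: "fd0d:1::${subnetId}:${toString x}";`. A one-line comment above `subnet`, such as `# address inside this container's fd0d:1::<subnetId>: range`, would also make clear what the argument is expected to be.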
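Review bot: `hostAddress6 = host;` is now also the container's only resolver, because the first hunk sets `networking.useHostResolvConf = false` and `networking.nameservers = [ host ]`. Nothing in the visible part of `nixosModule` starts a DNS service on that address or allows port 53 from the container. If the host resolver is configured elsewhere, confirm it listens on the container-side address and that the firewall rule is scoped to the container's interface rather than opened globally, so the host does not answer DNS for other networks. A short comment next to `hostAddress6`, e.g. `# also the container's DNS server (see networking.nameservers)`, would make the dependency visible. The `containers.${name}` block continues past the end of the hunk.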