Dns Policy
@lint/dns-policyv2026.05.22.1
01README
DNS policy compiler — merge manual vhosts + auto-discovered proxy hosts + static rewrites into a deduped desired list for an internal-DNS reconciler (e.g. AdGuard Home), plus a separate hostname list for public exposure.
02Models
@lint/dns-policyv2026.05.22.1dns-policy.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| instanceLabel | string | Human label, e.g. 'homelab' |
| proxyTargetIp | string | Reverse proxy IP — every vhost resolves here, e.g. '192.168.4.60' |
| proxySuffix | string | Vhost domain suffix, e.g. 'bos.lol' — yields '<vhost>.<proxySuffix>' |
| vhosts | array | Vhost names exposed via the reverse proxy (e.g. ['sonarr', 'portainer']). Each becomes '<name>.<proxySuffix>' → proxyTargetIp. |
| staticRewrites | array | Hand-listed rewrites for cases the proxy pattern doesn't cover (infra hosts, wildcards, off-proxy targets). |
| publicVhosts | array | Subset of vhosts (bare names) that should ALSO be reachable externally (e.g. via Cloudflare). Emitted as desired_public_records for a downstream public-DNS reconciler. |
fn build(discoveredVhosts: array)
Compose vhost rewrites + discovered vhosts + static rewrites into a deduped desired list for an internal-DNS reconciler. Discovered vhosts (e.g. from NPM) are merged with the manual vhosts global arg.
| Argument | Type | Description |
|---|---|---|
| discoveredVhosts | array | Auto-discovered vhost domain names (already fully qualified, e.g. 'sonarr.bos.lol'). Sourced from NPM or other proxy inventory. |
Resources
desired_rewrites(infinite)— Desired internal-DNS rewrite list — consumed by @lint/adguard.reconcileRewrites (or any compatible reconciler)
desired_public_records(infinite)— Hostnames to expose externally — consumed by a public-DNS reconciler
03Workflows
@lint/dns-rewrite-sync
Example DNS reconcile pipeline that wires @lint/dns-policy together with @lint/nginx-proxy-manager and @lint/adguard (and optionally Cloudflare): npm.sync → dns-policy.build → adguard.reconcileRewrites (+ cloudflare.reconcile if installed) prune=true on the reconcile steps makes dns-policy the canonical source of truth — hand-added rewrites in AdGuard are cleaned up on the next run. Step `modelIdOrName` values reference model INSTANCE names, not types. If you
reconcileSync NPM, build desired list (manual vhosts + NPM-discovered + statics), push to AdGuard
1.npm-syncnpm.sync— Pull proxy hosts from Nginx Proxy Manager
2.dns-policy-builddns-policy.build— Merge manual vhosts + NPM-discovered vhosts + statics into desired_rewrites
3.adguard-reconcileadguard.reconcileRewrites— Apply desired_rewrites to AdGuard (prune=true — dns-policy is canonical)
4.cloudflare-reconcilecloudflare.reconcile— (Optional) apply desired_public_records to Cloudflare — delete this step if you don't run a public-DNS reconciler
04Stats
A
100 / 100
Downloads
0
Archive size
6.9 KB
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types1/1earned
- Dependencies pass trust audit2/2earned
- Has description1/1earned
- Platform support declared (or universal)2/2earned
- License declared1/1earned
- Verified public repository2/2earned
05Platforms
06Labels