os/hosts/pie/unbound.nix



2023-09-11 21:51:13 +00:00
# Unbound as the DNS resolver for the 192.168.178.0/24 network: loads an ad
# blocklist, answers a handful of internal names locally, and forwards every
# other query to Quad9.
{ pkgs, inputs, ... }:
let
  # Package set of the `adblock-unbound` flake input for the current system.
  blocklists = inputs.adblock-unbound.packages.${pkgs.system};
  # DNS is served on the same port over both UDP and TCP.
  dnsPorts = [ 53 ];
in {
  # These options open the port on every interface of the host; the
  # per-interface form is networking.firewall.interfaces.<name>.allowed*Ports.
  # NOTE(review): scope these if the host ever gets a non-LAN interface.
  networking.firewall = {
    allowedUDPPorts = dnsPorts;
    allowedTCPPorts = dnsPorts;
  };

  services.unbound.enable = true;
  services.unbound.settings = {
    server = {
      # The blocklist is pulled in as Unbound configuration inside the server
      # clause, so the flake input that builds it is trusted like this file.
      include = [
        "\"${blocklists.unbound-adblockStevenBlack}\""
      ];

      # Listens on all IPv4 addresses; access-control decides who is answered.
      interface = [ "0.0.0.0" ];
      # Only the LAN range is allowed. Other non-localhost clients fall back to
      # Unbound's built-in default, which refuses them.
      access-control = [ "192.168.178.0/24 allow" ];

      # "static" zones are answered from local-data only: a name under one of
      # these zones that has no record below gets a negative answer and is
      # never sent upstream, so internal names do not leak to the forwarder.
      # NOTE(review): this also hides every public b12f.io name that is not
      # listed in local-data from clients of this resolver; confirm intended.
      local-zone = [
        "\"b12f.io\" static"
        "\"local\" static"
        "\"box\" static"
      ];
      local-data = [
        "\"backup.b12f.io. 10800 IN A 192.168.178.3\""
        "\"pie.local. 10800 IN A 192.168.178.2\""
        "\"fritz.box. 10800 IN A 192.168.178.1\""
      ];
    };

    forward-zone = [
      {
        # "." matches every name not handled by a local zone above.
        name = ".";
        # Format is address@port#authname. The part after "#" is the TLS
        # authentication name and is unused while forward-tls-upstream is "no".
        forward-addr = [
          "9.9.9.9@53#quad9"
          "2620:fe::fe@53#quad9"
        ];
        # Queries leave the host in cleartext on port 53, so anything on the
        # path to the upstream can read or alter them.
        # NOTE(review): turning this on also means moving the addresses to the
        # upstream's DNS-over-TLS port and setting the auth name to the
        # hostname on its certificate; check Quad9's documentation for both.
        forward-tls-upstream = "no";
      }
    ];
  };
}