os/hosts/pie/unbound.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

80 lines
2.6 KiB
Nix
Raw Normal View History

2023-09-12 20:07:05 +00:00
{ pkgs, lib, ... }: {
2023-09-11 21:51:13 +00:00
networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ];
services.unbound = {
enable = true;
settings = {
server = {
include = [
2023-09-12 20:07:05 +00:00
"\"${pkgs.adlist.unbound-adblockStevenBlack}\""
2023-09-11 21:51:13 +00:00
];
interface = [
"0.0.0.0"
"::0"
];
access-control = [
# Allow from local network
"192.168.178.0/24 allow"
# Allow from wireguard
"10.0.1.0/24 allow"
2023-10-26 13:10:54 +00:00
"fd00:b12f:acab:1312:acab::/48 allow"
];
2023-09-11 21:51:13 +00:00
local-zone = [
"\"b12f.io\" static"
"\"local\" static"
"\"box\" static"
];
local-data = [
2023-10-10 11:37:17 +00:00
"\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\""
"\"droppie.local. 10800 IN A 192.168.178.3\""
"\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3::\""
2023-10-19 22:37:08 +00:00
2023-10-19 18:55:56 +00:00
"\"droppie.b12f.io. 10800 IN A 10.0.1.3\""
2023-10-26 13:10:54 +00:00
"\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
"\"backup.b12f.io. 10800 IN A 10.0.1.3\""
2023-10-26 13:10:54 +00:00
"\"backup.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
2023-09-11 21:51:13 +00:00
"\"pie.local. 10800 IN A 192.168.178.2\""
"\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:2::\""
2023-10-19 22:37:08 +00:00
2023-10-19 18:55:56 +00:00
"\"pie.b12f.io. 10800 IN A 10.0.1.2\""
2023-10-26 13:10:54 +00:00
"\"pie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"firefly.b12f.io. 10800 IN A 10.0.1.2\""
2023-10-26 13:10:54 +00:00
"\"firefly.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"firefly-importer.b12f.io. 10800 IN A 10.0.1.2\""
2023-10-26 13:10:54 +00:00
"\"firefly-importer.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"paperless.b12f.io. 10800 IN A 10.0.1.2\""
2023-10-26 13:10:54 +00:00
"\"paperless.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"invoicing.b12f.io. 10800 IN A 10.0.1.2\""
2023-10-26 13:10:54 +00:00
"\"invoicing.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
2023-10-24 15:56:14 +00:00
"\"vpn.b12f.io. 10800 IN A 128.140.109.213\""
"\"vpn.b12f.io. 10800 IN AAAA 2a01:4f8:c2c:b60::\""
2023-10-24 15:56:14 +00:00
"\"frikandel.b12f.io. 10800 IN A 10.0.1.7\""
"\"frikandel.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
2023-10-24 15:56:14 +00:00
2023-09-11 21:51:13 +00:00
"\"fritz.box. 10800 IN A 192.168.178.1\""
"\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
2023-09-11 21:51:13 +00:00
];
};
forward-zone = [
{
name = ".";
forward-addr = [
2023-11-02 00:25:39 +00:00
"193.110.81.0#dns0.eu"
"2a0f:fc80::#dns0.eu"
"185.253.5.0#dns0.eu"
"2a0f:fc81::#dns0.eu"
2023-09-11 21:51:13 +00:00
];
2023-11-02 00:25:39 +00:00
forward-tls-upstream = "yes";
2023-09-11 21:51:13 +00:00
}
];
};
};
}