{ pkgs, lib, ... }: { networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ]; services.unbound = { enable = true; settings = { server = { include = [ "\"${pkgs.adlist.unbound-adblockStevenBlack}\"" ]; interface = [ "0.0.0.0" "::0" ]; access-control = [ # Allow from local network "192.168.178.0/24 allow" # Allow from wireguard "10.0.1.0/24 allow" "fd00:b12f:acab:1312:acab::/48 allow" ]; local-zone = [ "\"b12f.io\" static" "\"local\" static" "\"box\" static" ]; local-data = [ "\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\"" "\"droppie.local. 10800 IN A 192.168.178.3\"" "\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:3::\"" "\"droppie.b12f.io. 10800 IN A 10.0.1.3\"" "\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\"" "\"backup.b12f.io. 10800 IN A 10.0.1.3\"" "\"backup.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\"" "\"pie.local. 10800 IN A 192.168.178.2\"" "\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:2::\"" "\"pie.b12f.io. 10800 IN A 10.0.1.2\"" "\"pie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" "\"firefly.b12f.io. 10800 IN A 10.0.1.2\"" "\"firefly.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" "\"firefly-importer.b12f.io. 10800 IN A 10.0.1.2\"" "\"firefly-importer.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" "\"paperless.b12f.io. 10800 IN A 10.0.1.2\"" "\"paperless.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" "\"invoicing.b12f.io. 10800 IN A 10.0.1.2\"" "\"invoicing.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" "\"vpn.b12f.io. 10800 IN A 128.140.109.213\"" "\"vpn.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:2::\"" "\"frikandel.b12f.io. 10800 IN A 10.0.1.7\"" "\"fritz.box. 10800 IN A 192.168.178.1\"" "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\"" ]; }; forward-zone = [ { name = "."; forward-addr = [ "9.9.9.9@53#quad9" "2620:fe::fe@53#quad9" ]; forward-tls-upstream = "no"; } ]; }; }; }