42 lines
997 B
Nix
42 lines
997 B
Nix
{ pkgs, inputs, ... }:
|
|
let
|
|
adlist = inputs.adblock-unbound.packages.${pkgs.system};
|
|
in {
|
|
networking.firewall.allowedUDPPorts = [ 53 ];
|
|
networking.firewall.allowedTCPPorts = [ 53 ];
|
|
|
|
services.unbound = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
include = [
|
|
"\"${adlist.unbound-adblockStevenBlack}\""
|
|
];
|
|
interface = [ "0.0.0.0" ];
|
|
access-control = [ "192.168.178.0/24 allow" ];
|
|
local-zone = [
|
|
"\"b12f.io\" static"
|
|
"\"local\" static"
|
|
"\"box\" static"
|
|
];
|
|
local-data = [
|
|
"\"backup.b12f.io. 10800 IN A 192.168.178.3\""
|
|
"\"pie.local. 10800 IN A 192.168.178.2\""
|
|
"\"fritz.box. 10800 IN A 192.168.178.1\""
|
|
];
|
|
};
|
|
forward-zone = [
|
|
{
|
|
name = ".";
|
|
forward-addr = [
|
|
"9.9.9.9@53#quad9"
|
|
"2620:fe::fe@53#quad9"
|
|
];
|
|
forward-tls-upstream = "no";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
}
|