os/hosts/pie/unbound.nix


# LAN-facing unbound resolver: serves split-horizon names from local data,
# loads an ad-block list, and forwards everything else to Quad9.
{ pkgs, lib, ... }:
let
  dnsPort = 53;

  # Config fragment pulled into the `server:` section. `pkgs.adlist` is not
  # defined in this file; presumably it comes from an overlay. The included
  # file is trusted as unbound configuration, so its source should be pinned.
  blocklistIncludes = [
    "\"${pkgs.adlist.unbound-adblockStevenBlack}\""
  ];

  # Only these client prefixes are explicitly allowed to query. Other
  # non-localhost clients fall under unbound's built-in default (refuse),
  # which is what keeps this from acting as an open resolver.
  # NOTE(review): the IPv6 entry is a globally routable /64. If it is an
  # ISP-delegated prefix that can change, this ACL and the AAAA records
  # below that use it go stale. Confirm.
  allowedClients = [
    "192.168.178.0/24 allow"
    "2a02:908:5b1:e3c0::/64 allow"
  ];

  # `static` zones are answered from local-data only; names under them that
  # have no record get a local negative answer and are not sent upstream.
  staticZones = [
    "\"b12f.io\" static"
    "\"local\" static"
    "\"box\" static"
  ];

  miscLanRecords = [
    "\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\""
  ];

  # NOTE(review): the CNAME entries below live in `static` zones.
  # unbound.conf(5) points to stub-zones for full CNAME support, so verify
  # that A/AAAA lookups for these aliases return a usable answer.
  droppieRecords = [
    "\"droppie.local. 10800 IN A 192.168.178.3\""
    "\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:3\""
    "\"droppie.b12f.io. 10800 IN A 10.0.1.3\""
    "\"droppie.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:3::\""
    "\"backup.b12f.io. 10800 IN CNAME droppie.b12f.io\""
  ];

  pieRecords = [
    "\"pie.local. 10800 IN A 192.168.178.2\""
    "\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:2\""
    "\"vpn.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:2\""
    "\"pie.b12f.io. 10800 IN A 10.0.1.2\""
    "\"pie.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:2::\""
    "\"firefly.b12f.io. 10800 IN CNAME pie.b12f.io\""
    "\"firefly-importer.b12f.io. 10800 IN CNAME pie.b12f.io\""
    "\"paperless.b12f.io. 10800 IN CNAME pie.b12f.io\""
  ];

  fritzBoxRecords = [
    "\"fritz.box. 10800 IN A 192.168.178.1\""
    "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
  ];

  # Catch-all forwarder. With forward-tls-upstream = "no" the queries leave
  # in plaintext on port 53, and the `#quad9` suffix (the TLS authentication
  # name slot of forward-addr) is not used for anything.
  # NOTE(review): for DNS-over-TLS the entries would need port 853, an auth
  # name matching the upstream certificate (Quad9 publishes dns.quad9.net)
  # and forward-tls-upstream = "yes". Left as-is here.
  rootForwarder = {
    name = ".";
    forward-addr = [
      "9.9.9.9@53#quad9"
      "2620:fe::fe@53#quad9"
    ];
    forward-tls-upstream = "no";
  };
in
{
  # These options open the port on every interface; the NixOS firewall also
  # has per-interface variants under networking.firewall.interfaces.<name>.
  networking.firewall = {
    allowedUDPPorts = [ dnsPort ];
    allowedTCPPorts = [ dnsPort ];
  };

  services.unbound.enable = true;

  services.unbound.settings.server = {
    include = blocklistIncludes;
    # Listen on all IPv4 and IPv6 addresses; exposure is limited only by
    # access-control below and by the firewall.
    interface = [
      "0.0.0.0"
      "::0"
    ];
    access-control = allowedClients;
    local-zone = staticZones;
    local-data = miscLanRecords ++ droppieRecords ++ pieRecords ++ fritzBoxRecords;
  };

  services.unbound.settings.forward-zone = [ rootForwarder ];
}