nix-configs/nixos-modules/unbound.nix

{ config, lib, ... }:
{

  options = {
    mainInterface = lib.mkOption {
      type = lib.types.str;
    };
  };
  config = {
    environment.etc."unbound/ads.zone".text = ''
      tiktock.com CNAME .
      *.tiktock.com CNAME .
      iogames.space CNAME .
      *.iogames.space CNAME .
      taming.io CNAME .
      *.taming.io CNAME .
    '';

    networking = {
      firewall = {
        allowedUDPPorts = [
          53
        ];
        allowedTCPPorts = [ 53 ];
      };
    };

    services = {
      unbound = {
        enable = true;
        localControlSocketPath = "/var/lib/unbound/control.sock";
        settings = {
          server = {
            do-ip6 = "no";
            qname-minimisation = "yes";
            interface = [ config.mainInterface ];
            access-control = [
              "10.0.0.0/8 allow"
              "fc::/7 allow"
            ];
          };
          include = [
            "${../configs/unbound-local.conf}"
            "${../configs/unbound-threat-zone.conf}"
            "${../configs/unbound-local-block.conf}"
          ];
        };
      };
    };
  };
}
New blocklist layout 2024-12-31 13:28:56 -05:00			`{ config, lib, ... }:`
dual dhcp/dns 2024-12-29 18:59:34 -05:00			`{`
New blocklist layout 2024-12-31 13:28:56 -05:00
			`options = {`
			`mainInterface = lib.mkOption {`
			`type = lib.types.str;`
dual dhcp/dns 2024-12-29 18:59:34 -05:00			`};`
			`};`
New blocklist layout 2024-12-31 13:28:56 -05:00			`config = {`
			`environment.etc."unbound/ads.zone".text = ''`
			`tiktock.com CNAME .`
			`*.tiktock.com CNAME .`
			`iogames.space CNAME .`
			`*.iogames.space CNAME .`
			`taming.io CNAME .`
			`*.taming.io CNAME .`
			`'';`
dual dhcp/dns 2024-12-29 18:59:34 -05:00
New blocklist layout 2024-12-31 13:28:56 -05:00			`networking = {`
			`firewall = {`
			`allowedUDPPorts = [`
			`53`
			`];`
			`allowedTCPPorts = [ 53 ];`
			`};`
dual dhcp/dns 2024-12-29 18:59:34 -05:00			`};`

New blocklist layout 2024-12-31 13:28:56 -05:00			`services = {`
			`unbound = {`
			`enable = true;`
			`localControlSocketPath = "/var/lib/unbound/control.sock";`
			`settings = {`
			`server = {`
			`do-ip6 = "no";`
			`qname-minimisation = "yes";`
			`interface = [ config.mainInterface ];`
			`access-control = [`
			`"10.0.0.0/8 allow"`
			`"fc::/7 allow"`
			`];`
			`};`
			`include = [`
			`"${../configs/unbound-local.conf}"`
			`"${../configs/unbound-threat-zone.conf}"`
			`"${../configs/unbound-local-block.conf}"`
dual dhcp/dns 2024-12-29 18:59:34 -05:00			`];`
			`};`
			`};`
			`};`
			`};`
			`}`