52 lines
1.1 KiB
Nix
52 lines
1.1 KiB
Nix
{ config, lib, ... }:
|
|
{
|
|
|
|
options = {
|
|
mainInterface = lib.mkOption {
|
|
type = lib.types.str;
|
|
};
|
|
};
|
|
config = {
|
|
environment.etc."unbound/ads.zone".text = ''
|
|
$ORIGIN local.
|
|
tiktock.com CNAME .
|
|
*.tiktock.com CNAME .
|
|
iogames.space CNAME .
|
|
*.iogames.space CNAME .
|
|
taming.io CNAME .
|
|
*.taming.io CNAME .
|
|
'';
|
|
|
|
networking = {
|
|
firewall = {
|
|
allowedUDPPorts = [
|
|
53
|
|
];
|
|
allowedTCPPorts = [ 53 ];
|
|
};
|
|
};
|
|
|
|
services = {
|
|
unbound = {
|
|
enable = true;
|
|
localControlSocketPath = "/var/lib/unbound/control.sock";
|
|
settings = {
|
|
server = {
|
|
do-ip6 = "no";
|
|
qname-minimisation = "yes";
|
|
interface = [ config.mainInterface ];
|
|
access-control = [
|
|
"10.0.0.0/8 allow"
|
|
"fc::/7 allow"
|
|
];
|
|
};
|
|
include = [
|
|
"${../configs/unbound-local.conf}"
|
|
"${../configs/unbound-threat-zone.conf}"
|
|
"${../configs/unbound-local-block.conf}"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|