services/unbound: init
parent
5bd03881e0
commit
40f3f9b11f
5 changed files with 47 additions and 0 deletions
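--- a/flake.lock
+++ b/flake.lock
@@ -234,6 +234,22 @@
 "type": "github"
 }
 },
+"hosts-blocklists": {
+"flake": false,
+"locked": {
+"lastModified": 1645608170,
+"narHash": "sha256-fOOmZyagbl5JYp+YYBqeE8uJqr+a3zjoHlW7DQ9ZRK8=",
+"owner": "notracking",
+"repo": "hosts-blocklists",
+"rev": "c5371d52040ef76a54b607fadcd18ece2d18301f",
+"type": "github"
+},
+"original": {
+"owner": "notracking",
+"repo": "hosts-blocklists",
+"type": "github"
+}
+},
 "linux-tkg": {
 "flake": false,
 "locked": {
@@ -553,6 +569,7 @@
 "fix-user-popouts": "fix-user-popouts",
 "home-manager": "home-manager",
 "home-manager-porcupine": "home-manager-porcupine",
+"hosts-blocklists": "hosts-blocklists",
 "linux-tkg": "linux-tkg",
 "multitask": "multitask",
 "neovim-nightly": "neovim-nightly",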
|
|
@ -18,6 +18,7 @@
|
||||||
powercord-overlay.inputs.nixpkgs.follows = "nixpkgs";
|
powercord-overlay.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
# services
|
# services
|
||||||
|
hosts-blocklists = { url = "github:notracking/hosts-blocklists"; flake = false; };
|
||||||
website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; };
|
website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; };
|
||||||
|
|
||||||
# zsh plugins
|
# zsh plugins
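Review bot: The added `hosts-blocklists` input names a third-party repository without a ref, so it tracks the upstream default branch and the only thing fixing its content is the `rev`/`narHash` pair in `flake.lock`. In this same commit `modules/services/unbound.nix` passes the checkout's `unbound/unbound.blacklist.conf` to Unbound through `include`, which means the file is parsed as resolver configuration rather than as a plain list of names. I would put a comment on the input line, for example `# parsed as unbound.conf by modules/services/unbound.nix; read the upstream diff before bumping the lock`, and treat lock bumps of this input as changes that need review. The surrounding inputs attribute set starts and ends outside the hunk.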
|
||||||
|
|
|
||||||
|
|
@ -31,5 +31,6 @@
|
||||||
postgres
|
postgres
|
||||||
synapse
|
synapse
|
||||||
tmptsync
|
tmptsync
|
||||||
|
unbound
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ in {
|
||||||
./services/postgres.nix
|
./services/postgres.nix
|
||||||
./services/synapse.nix
|
./services/synapse.nix
|
||||||
./services/tmptsync.nix
|
./services/tmptsync.nix
|
||||||
|
./services/unbound.nix
|
||||||
];
|
];
|
||||||
system = mkAttrsFromPaths [
|
system = mkAttrsFromPaths [
|
||||||
./system/audio.nix
|
./system/audio.nix
|
||||||
|
|
|
||||||
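--- a/modules/services/unbound.nix
+++ b/modules/services/unbound.nix
@@ -0,0 +1,27 @@
+{ inputs, ... }: {
+networking.firewall.interfaces.wlan0 = {
+allowedUDPPorts = [ 53 ];
+allowedTCPPorts = [ 53 ];
+};
+services.unbound = {
+enable = true;
+stateDir = "/persist/unbound";
+settings = {
+forward-zone = [{
+name = ".";
+forward-tls-upstream = true;
+forward-addr = [
+"1.1.1.1@853#cloudflare-dns.com"
+"1.0.0.1@853#cloudflare-dns.com"
+];
+}];
+
+server = {
+interface = [ "0.0.0.0" ];
+access-control = [ "192.168.100.0/24 allow" ];
+};
+
+include = "${inputs.hosts-blocklists}/unbound/unbound.blacklist.conf";
+};
+};
+}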
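Review bot: `interface = [ "0.0.0.0" ]` makes Unbound listen on every IPv4 address of the host, while the firewall rule at the top of the file opens port 53 only on `wlan0` and `access-control` admits only `192.168.100.0/24`. Keeping the resolver unreachable from any other network the machine joins therefore rests on the firewall and the ACL alone. Binding to loopback plus the LAN-side address would make the listener match the intended scope, for example `interface = [ "127.0.0.1" "<wlan0 address>" ];` (placeholder, the address is not on the page). If the wildcard bind is deliberate, a short comment next to it saying that exposure is limited by the `wlan0` firewall rule and the ACL would keep a later firewall change from silently widening it.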