39 lines
847 B
Nix
39 lines
847 B
Nix
{ pkgs, ... }: {
|
|
networking.firewall.allowedTCPPorts = [
|
|
53
|
|
];
|
|
networking.firewall.allowedUDPPorts = [
|
|
53
|
|
];
|
|
services.unbound = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
server = {
|
|
access-control = [
|
|
"127.0.0.0/8 allow"
|
|
"0.0.0.0/0 allow"
|
|
];
|
|
local-zone = "home.2rjus.net nodefault";
|
|
domain-insecure = "home.2rjus.net";
|
|
interface = "0.0.0.0";
|
|
do-not-query-localhost = "no";
|
|
port = "53";
|
|
do-ip4 = "yes";
|
|
do-ip6 = "no";
|
|
do-udp = "yes";
|
|
do-tcp = "yes";
|
|
};
|
|
stub-zone = {
|
|
name = "home.2rjus.net";
|
|
stub-addr = "127.0.0.1@8053";
|
|
};
|
|
forward-zone = {
|
|
name = ".";
|
|
forward-tls-upstream = "yes";
|
|
forward-addr = "1.1.1.1@853#cloudflare-dns.com";
|
|
};
|
|
};
|
|
};
|
|
}
|