nixos-configs/devices/cluster/modules/unbound.nix


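{config, ...}: let
  inherit (config.vars) mainUser hostName;
in {
  # Raise the kernel's maximum socket receive buffer so the `so-rcvbuf = "1m"`
  # requested below can actually be honoured (1048576 bytes = 1 MiB); otherwise
  # the kernel silently clamps it and unbound logs a warning.
  # https://github.com/MatthewVance/unbound-docker-rpi/issues/4#issuecomment-1001879602
  boot.kernel.sysctl."net.core.rmem_max" = 1048576;

  # NOTE(review): membership in the `unbound` group gives the main user access to
  # whatever unbound runtime files are group-accessible (e.g. a control socket if
  # one is enabled). Nothing in this module enables `localControl`, so confirm this
  # is still needed and drop it otherwise (least privilege).
  users.users.${mainUser}.extraGroups = ["unbound"];

  services.unbound = {
    enable = true;
    # Maintain the root DNSSEC trust anchor so upstream answers are validated.
    enableRootTrustAnchor = true;
    # Do not point this host's own resolv.conf at unbound; it only serves as an
    # upstream for whatever talks to 127.0.0.1:5335 (see `interface` / `port`).
    resolveLocalQueries = false;

    settings = {
      server = {
        # Loopback only: nothing off-host can reach this resolver. Unbound's
        # default access-control (not overridden here) is understood to allow
        # only localhost clients; keep it that way if `interface` ever widens.
        interface = ["127.0.0.1"];
        port = 5335;

        # Custom DNS
        # `redirect` answers the name AND every subdomain from local-data;
        # `transparent` answers only the exact names given and resolves the rest
        # normally. The bare `nelim.org redirect` entry therefore catches every
        # subdomain not listed more specifically and sends it to caddyIp.
        local-zone = [
          "headscale.nelim.org redirect"
          "git.nelim.org redirect"
          "mc.nelim.org transparent"
          "cv.nelim.org transparent"
          "mc2.nelim.org transparent"
          "ota.nelim.org redirect"
          "nelim.org redirect"
        ];
        local-data = let
          # Public address for the services that are reachable from the WAN.
          wanIP = "166.62.179.208";
          # Per-host reverse-proxy address on the 100.64.0.0/10 (CGNAT/tailnet) range.
          caddyIp =
            if hostName == "thingone"
            then "100.64.0.8"
            else "100.64.0.9";
        in [
          "\"headscale.nelim.org. IN A ${wanIP}\""
          "\"git.nelim.org. IN A ${wanIP}\""
          "\"mc.nelim.org IN A 100.64.0.7\""
          # SRV records let Minecraft clients find the non-default port per name.
          "\"_minecraft._tcp.mc.nelim.org. 180 IN SRV 0 0 25569 mc.nelim.org.\""
          "\"cv.nelim.org IN A 100.64.0.7\""
          "\"_minecraft._tcp.cv.nelim.org. 180 IN SRV 0 0 25566 cv.nelim.org.\""
          "\"mc2.nelim.org IN A 100.64.0.7\""
          "\"_minecraft._tcp.mc2.nelim.org. 180 IN SRV 0 0 25560 mc2.nelim.org.\""
          "\"ota.nelim.org. IN A 100.64.0.5\""
          # TTL 0 so a host switch (thingone vs. the other node) is picked up at once.
          "\"nelim.org 0 A ${caddyIp}\""
        ];

        # IPv4-only resolver: no IPv6 transport to upstreams.
        do-ip4 = true;
        do-ip6 = false;
        prefer-ip6 = false;
        do-udp = true;
        do-tcp = true;

        # Performance
        # Refresh popular records shortly before they expire.
        prefetch = true;
        num-threads = 1;

        # DNS-rebinding protection: these ranges are stripped from upstream
        # answers. This does NOT apply to the local-data above, which is served
        # directly, so the 100.64.0.x records keep resolving.
        private-address = [
          "10.0.0.0/8"
          "172.16.0.0/12"
          "192.168.0.0/16"
          "169.254.0.0/16"
          # The CGNAT / Tailscale range is a /10. The earlier "/8" here was
          # applied as 100.0.0.0/8, which also swallowed the public ranges
          # 100.0.0.0-100.63.255.255 and 100.128.0.0-100.255.255.255 and so
          # broke resolution of legitimate hosts there.
          "100.64.0.0/10"
          "fd00::/8"
          "fe80::/10"
        ];

        # Default stuff
        # Drop out-of-bailiwick glue and treat stripped DNSSEC data as bogus.
        harden-glue = true;
        harden-dnssec-stripped = true;
        # 0x20 query-name case randomisation is off; presumably for compatibility
        # with upstreams that mishandle it -- confirm. This forgoes a cheap extra
        # layer of spoofing resistance; DNSSEC validation above is the main guard.
        use-caps-for-id = false;
        # Keep UDP answers under the IPv6 minimum MTU to avoid fragmentation
        # (the DNS Flag Day 2020 recommended value).
        edns-buffer-size = 1232;
        # Must not exceed the net.core.rmem_max set at the top of this module.
        so-rcvbuf = "1m";
      };
    };
  };
}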