2024-08-11 14:53:45 -04:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
2024-11-22 23:15:13 -05:00
|
|
|
mainUser,
|
2024-08-11 14:53:45 -04:00
|
|
|
...
|
|
|
|
}: let
|
|
|
|
inherit (lib) foldl isList mapAttrsToList mergeAttrsWithFunc remove unique;
|
|
|
|
mergeAttrsList = list:
|
|
|
|
foldl (mergeAttrsWithFunc (a: b:
|
|
|
|
if isList a && isList b
|
|
|
|
then unique (a ++ b)
|
|
|
|
else b)) {}
|
|
|
|
list;
|
|
|
|
|
2024-11-18 12:30:54 -05:00
|
|
|
inherit (config.networking) hostName;
|
2024-08-11 14:53:45 -04:00
|
|
|
|
|
|
|
serviviIP = "100.64.0.7";
|
|
|
|
caddyIp =
|
|
|
|
if hostName == "thingone"
|
|
|
|
then "100.64.0.8"
|
|
|
|
else "100.64.0.9";
|
2024-01-09 13:13:04 -05:00
|
|
|
in {
|
2023-11-29 10:29:06 -05:00
|
|
|
# https://github.com/MatthewVance/unbound-docker-rpi/issues/4#issuecomment-1001879602
|
|
|
|
boot.kernel.sysctl."net.core.rmem_max" = 1048576;
|
|
|
|
|
2024-01-09 13:13:04 -05:00
|
|
|
users.users.${mainUser}.extraGroups = ["unbound"];
|
2023-11-29 22:14:29 -05:00
|
|
|
|
2023-11-29 10:29:06 -05:00
|
|
|
services.unbound = {
|
|
|
|
enable = true;
|
|
|
|
enableRootTrustAnchor = true;
|
2023-12-20 03:52:42 -05:00
|
|
|
resolveLocalQueries = false;
|
2023-11-29 10:29:06 -05:00
|
|
|
|
|
|
|
settings = {
|
2024-08-11 14:53:45 -04:00
|
|
|
server = let
|
|
|
|
mkLocalEntry = domain: ip: {
|
|
|
|
local-zone = ["${domain} redirect"];
|
|
|
|
local-data = ["\"${domain} IN A ${ip}\""];
|
|
|
|
};
|
2023-11-29 10:29:06 -05:00
|
|
|
|
2024-08-11 14:53:45 -04:00
|
|
|
mkMinecraftEntry = domain: port: {
|
|
|
|
local-zone = ["${domain} transparent"];
|
|
|
|
local-data = [
|
|
|
|
"\"${domain} IN A ${serviviIP}\""
|
|
|
|
"\"_minecraft._tcp.${domain}. 180 IN SRV 0 0 ${toString port} ${domain}.\""
|
|
|
|
];
|
|
|
|
};
|
2023-11-29 10:29:06 -05:00
|
|
|
|
2024-08-11 16:52:00 -04:00
|
|
|
forceResolveEntry = domain: {
|
|
|
|
local-zone = ["${domain} always_transparent"];
|
|
|
|
};
|
|
|
|
|
2024-08-11 14:53:45 -04:00
|
|
|
publicApps = remove "nelim.org" (mapAttrsToList (n: v: v.hostName) config.services.caddy.virtualHosts);
|
|
|
|
in
|
|
|
|
mergeAttrsList (
|
2024-12-21 19:07:46 -05:00
|
|
|
[(mkLocalEntry "cache-apt.nelim.org" "100.64.0.10")]
|
|
|
|
++ (map forceResolveEntry publicApps)
|
2024-08-11 14:53:45 -04:00
|
|
|
++ [
|
|
|
|
(mkMinecraftEntry "mc.nelim.org" 25569)
|
|
|
|
(mkMinecraftEntry "mc2.nelim.org" 25560)
|
|
|
|
(mkMinecraftEntry "cv.nelim.org" 25566)
|
2023-11-29 10:29:06 -05:00
|
|
|
|
2024-08-11 14:53:45 -04:00
|
|
|
(mkLocalEntry "nelim.org" caddyIp)
|
2023-11-29 10:29:06 -05:00
|
|
|
|
2024-08-11 14:53:45 -04:00
|
|
|
{
|
|
|
|
interface = ["127.0.0.1"];
|
|
|
|
port = 5335;
|
2023-11-29 10:29:06 -05:00
|
|
|
|
2024-08-11 14:53:45 -04:00
|
|
|
do-ip4 = true;
|
|
|
|
do-ip6 = false;
|
|
|
|
prefer-ip6 = false;
|
|
|
|
do-udp = true;
|
|
|
|
do-tcp = true;
|
2023-11-29 10:29:06 -05:00
|
|
|
|
2024-08-11 14:53:45 -04:00
|
|
|
# Performance
|
|
|
|
prefetch = true;
|
|
|
|
num-threads = 1;
|
2023-11-29 10:29:06 -05:00
|
|
|
|
2024-08-11 14:53:45 -04:00
|
|
|
private-address = [
|
|
|
|
"172.16.0.0/12"
|
|
|
|
"10.0.0.0/8"
|
|
|
|
"100.64.0.0/8"
|
|
|
|
"fd00::/8"
|
|
|
|
"fe80::/10"
|
|
|
|
];
|
2023-11-29 10:29:06 -05:00
|
|
|
|
2024-08-11 14:53:45 -04:00
|
|
|
# Default stuff
|
|
|
|
harden-glue = true;
|
|
|
|
harden-dnssec-stripped = true;
|
|
|
|
use-caps-for-id = false;
|
|
|
|
edns-buffer-size = 1232;
|
|
|
|
so-rcvbuf = "1m";
|
|
|
|
}
|
|
|
|
]
|
|
|
|
);
|
2023-11-29 10:29:06 -05:00
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|