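# NixOS module: runs Unbound as a DNSSEC-validating resolver bound to
# 127.0.0.1:5335 and answers a set of nelim.org names from local data.
{config, ...}: let
  inherit (config.vars) mainUser;
in {
  # Raise the kernel's receive-buffer ceiling to 1 MiB so that the
  # `so-rcvbuf = "1m"` request at the bottom of this file can be granted.
  # https://github.com/MatthewVance/unbound-docker-rpi/issues/4#issuecomment-1001879602
  boot.kernel.sysctl."net.core.rmem_max" = 1048576;

  # NOTE(review): this gives the main user whatever group-level access the
  # unbound group has to the daemon's files/control socket. Confirm it is
  # actually needed; drop it otherwise (least privilege).
  users.users.${mainUser}.extraGroups = ["unbound"];

  services.unbound = {
    enable = true;

    # Ship the root trust anchor so DNSSEC validation is active.
    enableRootTrustAnchor = true;

    # Do not point the host's own resolver configuration at this instance.
    resolveLocalQueries = false;

    settings = {
      server = {
        # Loopback only, on a non-standard port: nothing off-host can query
        # this resolver directly.
        # NOTE(review): presumably a local forwarder/filter on port 53 sits in
        # front of it. Confirm against the rest of the configuration.
        interface = ["127.0.0.1"];
        port = 5335;

        # Custom DNS
        # "redirect": the name and everything below it is answered from the
        # zone's own local-data. "transparent": names that have local-data are
        # answered locally, other names in the zone are resolved normally.
        local-zone = [
          "pve.nelim.org redirect"
          "headscale.nelim.org redirect"
          "git.nelim.org redirect"
          "mc.nelim.org transparent"
          "cv.nelim.org transparent"
          "mc2.nelim.org transparent"
          "ota.nelim.org redirect"
          "nelim.org redirect"
        ];

        # Names defined here are exempt from the private-address filter below,
        # which is why the 100.64.0.x answers are still served.
        local-data = [
          "\"pve.nelim.org IN A 100.64.0.4\""

          "\"headscale.nelim.org. IN A 24.200.126.219\""

          "\"git.nelim.org. IN A 24.200.126.219\""

          "\"mc.nelim.org IN A 100.64.0.7\""
          "\"_minecraft._tcp.mc.nelim.org. 180 IN SRV 0 0 25569 mc.nelim.org.\""

          "\"cv.nelim.org IN A 100.64.0.7\""
          "\"_minecraft._tcp.cv.nelim.org. 180 IN SRV 0 0 25566 cv.nelim.org.\""

          "\"mc2.nelim.org IN A 100.64.0.7\""
          "\"_minecraft._tcp.mc2.nelim.org. 180 IN SRV 0 0 25560 mc2.nelim.org.\""

          "\"ota.nelim.org. IN A 100.64.0.5\""

          "\"nelim.org IN A 100.64.0.1\""
        ];

        # Transport: IPv4 only, over both UDP and TCP.
        do-ip4 = true;
        do-ip6 = false;
        prefer-ip6 = false;
        do-udp = true;
        do-tcp = true;

        # Performance
        prefetch = true;
        num-threads = 1;

        # DNS-rebinding protection: addresses in these ranges are stripped
        # from answers for public names.
        # The shared address space (RFC 6598) is 100.64.0.0/10. The previous
        # /8 prefix reached past it into publicly routed 100.x addresses, so
        # legitimate answers in that space could be filtered out.
        # NOTE(review): 192.168.0.0/16 and 169.254.0.0/16 are not listed, so
        # answers pointing into those ranges are not filtered. Add them unless
        # the omission is deliberate.
        private-address = [
          "172.16.0.0/12"
          "10.0.0.0/8"
          "100.64.0.0/10"
          "fd00::/8"
          "fe80::/10"
        ];

        # Default stuff
        # Reject out-of-zone glue, and refuse answers whose DNSSEC data was
        # stripped for a zone that should be signed.
        harden-glue = true;
        harden-dnssec-stripped = true;
        # 0x20 query-name case randomisation stays off. DNSSEC validation is
        # the spoofing defence this configuration relies on.
        use-caps-for-id = false;
        # 1232 bytes keeps UDP responses below common fragmentation limits.
        edns-buffer-size = 1232;
        # Needs net.core.rmem_max >= 1 MiB (set at the top of this module).
        so-rcvbuf = "1m";
      };
    };
  };
}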