{
config,
lib,
mainUser,
self,
...
}: let
inherit (self.lib) mergeAttrsList;
inherit (lib) mapAttrsToList remove;
inherit (config.networking) hostName;
serviviIP = "100.64.0.7";
caddyIp =
if hostName == "thingone"
then "100.64.0.8"
else "100.64.0.9";
in {
# https://github.com/MatthewVance/unbound-docker-rpi/issues/4#issuecomment-1001879602
boot.kernel.sysctl."net.core.rmem_max" = 1048576;
users.users.${mainUser}.extraGroups = ["unbound"];
services.unbound = {
enable = true;
enableRootTrustAnchor = true;
resolveLocalQueries = false;
settings = {
server = let
mkLocalEntry = domain: ip: {
local-zone = ["${domain} redirect"];
local-data = ["\"${domain} IN A ${ip}\""];
};
mkMinecraftEntry = domain: port: {
local-zone = ["${domain} transparent"];
local-data = [
"\"${domain} IN A ${serviviIP}\""
"\"_minecraft._tcp.${domain}. 180 IN SRV 0 0 ${toString port} ${domain}.\""
];
};
forceResolveEntry = domain: {
local-zone = ["${domain} always_transparent"];
};
publicApps = remove "nelim.org" (mapAttrsToList (n: v: v.hostName) config.services.caddy.virtualHosts);
in
mergeAttrsList (
[]
++ (map forceResolveEntry publicApps)
++ [
(mkMinecraftEntry "mc.nelim.org" 25569)
(mkMinecraftEntry "mc2.nelim.org" 25560)
(mkMinecraftEntry "cv.nelim.org" 25566)
(mkLocalEntry "nelim.org" caddyIp)
{
interface = ["127.0.0.1"];
port = 5335;
do-ip4 = true;
do-ip6 = false;
prefer-ip6 = false;
do-udp = true;
do-tcp = true;
# Performance
prefetch = true;
num-threads = 1;
private-address = [
"172.16.0.0/12"
"10.0.0.0/8"
"100.64.0.0/8"
"fd00::/8"
"fe80::/10"
];
# Default stuff
harden-glue = true;
harden-dnssec-stripped = true;
use-caps-for-id = false;
edns-buffer-size = 1232;
so-rcvbuf = "1m";
}
]
);
};
};
}