feat: initial

services/unbound.nix

@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+let 
+  net = import ../data/network.nix;
+in
+{
+  services.unbound = {
+    enable = true;
+    settings = {
+
+      server = {
+        interface = ["0.0.0.0" "::0"];
+
+        access-control = ["127.0.0.1 allow" "${net.network.subnet} allow"];
+
+        local-zone = "\"${net.local_domain}.\" static";
+        local-data =  
+          (map (name: 
+            let ip = net.dnsMappings.${name}; in
+            "\"${name}. IN A ${ip}\""
+          ) (builtins.attrNames net.dnsMappings));
+      };
+
+      forward-zone = {
+        name = ".";
+        forward-addr = net.fallback_dns_servers;
+      };
+    };
+  };
+  
+  # Allow DNS through the firewall
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+}