# Unbound resolver module: answers a set of static A records for the local
# domain and forwards every other query to the configured fallback servers.
{ config, pkgs, ... }:

let
  net = import ../data/network.nix;

  # Render one net.dnsMappings entry (name -> address) as a quoted unbound
  # local-data A record.
  mkARecord = name: ip: "\"${name}. IN A ${ip}\"";

  dnsPorts = [ 53 ];
in
{
  services.unbound.enable = true;

  services.unbound.settings = {
    server = {
      # Listens on every IPv4 and IPv6 address of the host, so the
      # access-control list below is what decides who may use the resolver.
      interface = [ "0.0.0.0" "::0" ];

      # Only loopback and net.network.subnet are explicitly allowed. Keep that
      # subnet as narrow as the LAN really is: an over-broad prefix would offer
      # recursion to every client that can reach port 53.
      access-control = [
        "127.0.0.1 allow"
        "${net.network.subnet} allow"
      ];

      # "static": names under the local domain that have no local-data entry
      # are answered locally (NXDOMAIN/NODATA) rather than forwarded, which
      # keeps internal host names from reaching the upstream servers.
      local-zone = "\"${net.local_domain}.\" static";

      # attrValues yields values ordered by attribute name, the same order
      # builtins.attrNames produces.
      local-data = builtins.attrValues (builtins.mapAttrs mkARecord net.dnsMappings);
    };

    # Catch-all forwarder for everything outside the local zone. No
    # forward-tls-upstream is set in this module, so these upstream queries
    # are not encrypted by this configuration.
    forward-zone = {
      name = ".";
      forward-addr = net.fallback_dns_servers;
    };
  };

  # Allow DNS through the firewall. These options open port 53 on every
  # interface; networking.firewall.interfaces.<name>.allowedTCPPorts and
  # .allowedUDPPorts can limit the opening to the LAN-facing interface.
  networking.firewall = {
    allowedTCPPorts = dnsPorts;
    allowedUDPPorts = dnsPorts;
  };
}