| author | quentin@aristote.fr <quentin@aristote.fr> | 2024-09-29 19:56:08 +0200 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2024-10-27 19:08:46 +0100 |
| commit | 491c4bf6b4596b486b12724e9124a854cc7abc26 (patch) | |
| tree | 3911453e589959da652a1d5f62e5966b05f1643e /config/networking/services/dns.nix | |
| parent | 072ad00164e98823691e7da1cdd07ac368391c38 (diff) | |
migrate hostapd config
Diffstat (limited to 'config/networking/services/dns.nix')
| -rw-r--r-- | config/networking/services/dns.nix | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix
index 9e70958..5b4d99b 100644
--- a/config/networking/services/dns.nix
+++ b/config/networking/services/dns.nix
@@ -1,27 +1,28 @@
-{ config, ... }:
-
-let nets = config.personal.networking.networks;
+{config, ...}: let
+ subnets = builtins.catAttrs "subnet" (builtins.attrValues config.personal.networking.interfaces.all);
 in {
 services.unbound = {
 enable = true;
 settings = {
 server = {
 module-config = ''"respip validator iterator"'';
- interface = [
- "127.0.0.1"
- "${nets.wan.subnet}.1"
- "${nets.iot.subnet}.1"
- "${nets.eth0.subnet}.1"
- ];
- access-control = [
- "0.0.0.0/0 refuse"
- "127.0.0.0/8 allow"
- "${nets.wan.subnet}.0/24 allow"
- "${nets.iot.subnet}.0/24 allow"
- "${nets.eth0.subnet}.0/24 allow"
- ];
+ interface =
+ [
+ "127.0.0.1"
+ ]
+ ++ builtins.map ({prefix, ...}: "${prefix}.1") subnets;
+ access-control =
+ [
+ "0.0.0.0/0 refuse"
+ "127.0.0.0/8 allow"
+ ]
+ ++ builtins.map ({
+ prefix,
+ prefixLength,
+ }: "${prefix}.0/${builtins.toString prefixLength} allow")
+ subnets;
 };
- rpz = { name = "rpz.oisd.nl"; };
+ rpz.name = "rpz.oisd.nl";
 };
 };
 }
 |
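Review bot: The `interface` listeners and the `access-control` allow rules are now generated from every entry of `config.personal.networking.interfaces.all` that carries a `subnet`, so any interface added there later gets resolver access without this file changing, whereas the old lists named wan, iot and eth0 explicitly. The definition of `interfaces.all` is outside this hunk; if it can hold networks that should not reach unbound, filter the list here, or at least record the coupling above `subnets` with a comment such as `# every interface with a subnet gets an unbound listener and an allow rule`. Separately, the second lambda destructures `{prefix, prefixLength}` without `...`, unlike the first, so an extra attribute on a subnet would presumably fail evaluation; `{prefix, prefixLength, ...}` would match the first. The string `"${prefix}.0/${builtins.toString prefixLength} allow"` also still assumes a three-octet prefix, so with a prefix length below 24 the rendered address may not be the network address.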
