networking: modularize

author: quentin@aristote.fr <quentin@aristote.fr> 2023-04-01 15:08:14 +0200
committer: quentin@aristote.fr <quentin@aristote.fr> 2023-04-01 15:08:14 +0200
commit: 4dfb2e31d2a21158d2f07486f269cf468082607b (patch)
tree: 3ad615167a3cdae77d7c26eeeade45c9b15bddef /config/networking/services/dns.nix
parent: 102dd41888bfae9e86233d384613756407b4ce57 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix
new file mode 100644
index 0000000..beed1e7
--- /dev/null
+++ b/config/networking/services/dns.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+
+let cfg = config.personal.networking;
+in {
+  services.unbound = {
+    enable = true;
+    settings = {
+      server = {
+        interface = [ "127.0.0.1" "${cfg.subnets.private}.1" ];
+        access-control = [
+          "0.0.0.0/0 refuse"
+          "127.0.0.0/8 allow"
+          "${cfg.subnets.private}.0/24 allow"
+        ];
+      };
+    };
+  };
+}
author	quentin@aristote.fr <quentin@aristote.fr>	2023-04-01 15:08:14 +0200
committer	quentin@aristote.fr <quentin@aristote.fr>	2023-04-01 15:08:14 +0200
commit	4dfb2e31d2a21158d2f07486f269cf468082607b (patch)
tree	3ad615167a3cdae77d7c26eeeade45c9b15bddef /config/networking/services/dns.nix
parent	102dd41888bfae9e86233d384613756407b4ce57 (diff)