Diffstat (limited to 'config/networking/services/dns.nix')
-rw-r--r--config/networking/services/dns.nix35
1 files changed, 18 insertions, 17 deletions
diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix
index 9e70958..5b4d99b 100644
--- a/config/networking/services/dns.nix
+++ b/config/networking/services/dns.nix
@@ -1,27 +1,28 @@
-{ config, ... }:
-
-let nets = config.personal.networking.networks;
+{config, ...}: let
+ subnets = builtins.catAttrs "subnet" (builtins.attrValues config.personal.networking.interfaces.all);
in {
services.unbound = {
enable = true;
settings = {
server = {
module-config = ''"respip validator iterator"'';
- interface = [
- "127.0.0.1"
- "${nets.wan.subnet}.1"
- "${nets.iot.subnet}.1"
- "${nets.eth0.subnet}.1"
- ];
- access-control = [
- "0.0.0.0/0 refuse"
- "127.0.0.0/8 allow"
- "${nets.wan.subnet}.0/24 allow"
- "${nets.iot.subnet}.0/24 allow"
- "${nets.eth0.subnet}.0/24 allow"
- ];
+ interface =
+ [
+ "127.0.0.1"
+ ]
+ ++ builtins.map ({prefix, ...}: "${prefix}.1") subnets;
+ access-control =
+ [
+ "0.0.0.0/0 refuse"
+ "127.0.0.0/8 allow"
+ ]
+ ++ builtins.map ({
+ prefix,
+ prefixLength,
+ }: "${prefix}.0/${builtins.toString prefixLength} allow")
+ subnets;
};
- rpz = { name = "rpz.oisd.nl"; };
+ rpz.name = "rpz.oisd.nl";
};
};
}
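Review bot: The `interface` and `access-control` lists are now built from every entry of `config.personal.networking.interfaces.all` that has a `subnet`, so any interface added there later is listened on and allowed to query without this file changing. The old lists named `wan`, `iot` and `eth0` explicitly. If that module can ever describe an upstream or untrusted link, the resolver becomes reachable from it, so consider filtering on an explicit opt-in attribute (placeholder name, e.g. `dnsClient`), or at least add a comment above `subnets` such as `# every interface with a subnet becomes a DNS listener and an allowed client`. Separately, the second lambda `{ prefix, prefixLength }:` has no `...` while the first one does, so it would fail to evaluate if `subnet` ever carries another attribute. `"${prefix}.0/${builtins.toString prefixLength} allow"` also presumably only gives a proper network address when `prefix` is three octets, which is worth asserting or documenting.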