From 491c4bf6b4596b486b12724e9124a854cc7abc26 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Sun, 29 Sep 2024 19:56:08 +0200
Subject: migrate hostapd config
---
 config/networking/services/dns.nix | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)
(limited to 'config/networking/services/dns.nix')
diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix
index 9e70958..5b4d99b 100644
--- a/config/networking/services/dns.nix
+++ b/config/networking/services/dns.nix
@@ -1,27 +1,28 @@
-{ config, ... }:
-
-let nets = config.personal.networking.networks;
+{config, ...}: let
+ subnets = builtins.catAttrs "subnet" (builtins.attrValues config.personal.networking.interfaces.all);
 in {
 services.unbound = {
 enable = true;
 settings = {
 server = {
 module-config = ''"respip validator iterator"'';
- interface = [
- "127.0.0.1"
- "${nets.wan.subnet}.1"
- "${nets.iot.subnet}.1"
- "${nets.eth0.subnet}.1"
- ];
- access-control = [
- "0.0.0.0/0 refuse"
- "127.0.0.0/8 allow"
- "${nets.wan.subnet}.0/24 allow"
- "${nets.iot.subnet}.0/24 allow"
- "${nets.eth0.subnet}.0/24 allow"
- ];
+ interface =
+ [
+ "127.0.0.1"
+ ]
+ ++ builtins.map ({prefix, ...}: "${prefix}.1") subnets;
+ access-control =
+ [
+ "0.0.0.0/0 refuse"
+ "127.0.0.0/8 allow"
+ ]
+ ++ builtins.map ({
+ prefix,
+ prefixLength,
+ }: "${prefix}.0/${builtins.toString prefixLength} allow")
+ subnets;
 };
- rpz = { name = "rpz.oisd.nl"; };
+ rpz.name = "rpz.oisd.nl";
 };
 };
 }
-- cgit v1.2.3
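Review bot: The new `access-control` entries are built as `"${prefix}.0/${builtins.toString prefixLength} allow"`, but `prefix` still appears to be a three-octet string (it is also used as `"${prefix}.1"`), so the netblock is only certain to match the interface's network when `prefixLength` is 24; with a shorter length the `allow` rule may not describe the range the interface actually serves. Either pin the assumption in the lambda, e.g. `}: assert prefixLength == 24; "${prefix}.0/${builtins.toString prefixLength} allow")`, or compute the network address from the full subnet definition. Every entry of `interfaces.all` that carries a `subnet` now gets a listener and an `allow` rule automatically, where the old lists named `wan`, `iot` and `eth0` explicitly, so a comment such as `# every interface with a subnet is served and allowed; filter here if one must not reach the resolver` would make that exposure a deliberate choice. The second lambda's pattern also omits `...`, unlike the first, so a `subnet` with any extra attribute will fail evaluation.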