blob: 9e709589be22977302e0992046bac56cf13e9524 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
{ config, ... }:
let nets = config.personal.networking.networks;
in {
services.unbound = {
enable = true;
settings = {
server = {
module-config = ''"respip validator iterator"'';
interface = [
"127.0.0.1"
"${nets.wan.subnet}.1"
"${nets.iot.subnet}.1"
"${nets.eth0.subnet}.1"
];
access-control = [
"0.0.0.0/0 refuse"
"127.0.0.0/8 allow"
"${nets.wan.subnet}.0/24 allow"
"${nets.iot.subnet}.0/24 allow"
"${nets.eth0.subnet}.0/24 allow"
];
};
rpz = { name = "rpz.oisd.nl"; };
};
};
}
|
