# NixOS module fragment: firewall openings plus the chrony (NTP) and unbound
# (DNS resolver) settings for hosts on 192.168.1.0/24 behind enp116s0.
{
  networking.firewall = {
    # NOTE(review): port 53 is opened on every interface here, while unbound
    # below listens only on lo and enp116s0. If nothing else on this host
    # serves DNS, listing 53 under interfaces.enp116s0 would keep the firewall
    # as narrow as the listener. Confirm against the rest of the config.
    allowedTCPPorts = [
      53 # domain
    ];
    allowedUDPPorts = [
      53 # domain
    ];

    # TFTP and NTP are reachable through enp116s0 only. TFTP has no
    # authentication, so this interface scoping is the only access limit
    # visible in this fragment.
    interfaces.enp116s0.allowedUDPPorts = [
      69 # xinetd/tftpd
      123 # ntp
    ];
  };

  # NOTE(review): services.chrony.enable is not set in this fragment;
  # presumably it is enabled elsewhere. Verify.
  #   local stratum 3  - keep serving time as stratum 3 when no upstream is reachable
  #   binddevice       - bind chronyd's sockets to enp116s0
  #   allow            - accept NTP clients from 192.168.1.0/24 only
  services.chrony.extraConfig = ''
    local stratum 3
    binddevice enp116s0
    allow 192.168.1/24
  '';

  services.unbound = {
    enable = true;

    settings.server = {
      # Default-refuse for IPv4 and IPv6; only loopback and the LAN subnet may
      # query. Unbound applies the most specific matching netblock, so the
      # order of these entries does not matter.
      access-control = [
        "0.0.0.0/0 refuse"
        "127.0.0.0/8 allow"
        "::0/0 refuse"
        "::1 allow"
        "192.168.1.0/24 allow"
      ];

      # Do not answer id.server/hostname.bind or version.bind queries.
      hide-identity = true;
      hide-version = true;

      # Listen on loopback and the LAN interface only.
      interface = [
        "lo"
        "enp116s0"
      ];

      # Forward (A) records for the LAN hosts. The inner quotes are escaped so
      # that they reach unbound.conf as part of each value.
      local-data = [
        "\"darkstar.bitgnome.net. IN A 192.168.1.1\""
        "\"arrakis.bitgnome.net. IN A 192.168.1.2\""
        "\"jupiter.bitgnome.net. IN A 192.168.1.11\""
        "\"saturn.bitgnome.net. IN A 192.168.1.12\""
        "\"uranus.bitgnome.net. IN A 192.168.1.13\""
        "\"neptune.bitgnome.net. IN A 192.168.1.14\""
        "\"ginaz.bitgnome.net. IN A 192.168.1.17\""
      ];

      # Matching reverse (PTR) records for the same hosts.
      local-data-ptr = [
        "\"192.168.1.1 darkstar.bitgnome.net\""
        "\"192.168.1.2 arrakis.bitgnome.net\""
        "\"192.168.1.11 jupiter.bitgnome.net\""
        "\"192.168.1.12 saturn.bitgnome.net\""
        "\"192.168.1.13 uranus.bitgnome.net\""
        "\"192.168.1.14 neptune.bitgnome.net\""
        "\"192.168.1.17 ginaz.bitgnome.net\""
      ];

      # transparent: names under bitgnome.net. without local data are still
      # resolved normally. static: the reverse zone is answered from local
      # data only, so lookups for unlisted 192.168.1.x addresses stay local.
      local-zone = [
        "\"bitgnome.net.\" transparent"
        "\"1.168.192.in-addr.arpa.\" static"
      ];
    };
  };
}