blob: 33792e599ffe33790ba9ef744a2dbb87d598f6c0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
{
networking = {
firewall = {
allowedTCPPorts = [
53 # domain
];
allowedUDPPorts = [
53 # domain
];
interfaces.enp116s0.allowedUDPPorts = [
69 # xinetd/tftpd
123 # ntp
];
};
};
services.chrony = {
extraConfig = ''
local stratum 3
binddevice enp116s0
allow 192.168.1/24
'';
};
services.unbound = {
enable = true;
settings = {
server = {
access-control = [
"0.0.0.0/0 refuse"
"127.0.0.0/8 allow"
"::0/0 refuse"
"::1 allow"
"192.168.1.0/24 allow"
];
hide-identity = true;
hide-version = true;
interface = [
"lo"
"enp116s0"
];
local-data = [
"\"darkstar.bitgnome.net. IN A 192.168.1.1\""
"\"arrakis.bitgnome.net. IN A 192.168.1.2\""
"\"ginaz.bitgnome.net. IN A 192.168.1.17\""
"\"ginaz.bitgnome.net. IN A 192.168.1.17\""
];
local-data-ptr = [
"\"192.168.1.1 darkstar.bitgnome.net\""
"\"192.168.1.2 arrakis.bitgnome.net\""
"\"192.168.1.17 ginaz.bitgnome.net\""
];
local-zone = [
"\"bitgnome.net.\" transparent"
"\"1.168.192.in-addr.arpa.\" static"
];
};
};
};
}
|
