Enable blocky and unbound DNS on dalinar
This commit is contained in:
parent
37bd8a68c5
commit
5d0ed56702
@ -27,7 +27,17 @@
|
||||
};
|
||||
|
||||
networking.hostName = "dalinar";
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
networking.useNetworkd = true;
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
DNSStubListener=no
|
||||
'';
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
@ -54,6 +64,62 @@
|
||||
|
||||
services.tailscale.enable = true;
|
||||
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
interface = [ "127.0.0.1" ];
|
||||
port = 5335;
|
||||
access-control = [ "127.0.0.1 allow" ];
|
||||
harden-glue = true;
|
||||
num-threads = 4;
|
||||
harden-dnssec-stripped = true;
|
||||
use-caps-for-id = false;
|
||||
prefetch = true;
|
||||
edns-buffer-size = 1232;
|
||||
hide-identity = true;
|
||||
hide-version = true;
|
||||
private-address = [
|
||||
"172.16.0.0/12"
|
||||
];
|
||||
};
|
||||
forward-zone = [
|
||||
{
|
||||
name = ".";
|
||||
forward-addr = [
|
||||
"9.9.9.9#dns.quad9.net"
|
||||
"149.112.112.112#dns.quad9.net"
|
||||
];
|
||||
forward-tls-upstream = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.blocky = {
|
||||
enable = true;
|
||||
settings = {
|
||||
upstreams.groups.default = [
|
||||
"127.0.0.1:${builtins.toString config.services.unbound.settings.server.port}"
|
||||
];
|
||||
blocking = {
|
||||
denylists.ads = [
|
||||
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
|
||||
];
|
||||
clientGroupsBlock.default = [ "ads" ];
|
||||
};
|
||||
ports = {
|
||||
dns = 53;
|
||||
http = 4000; # port for prometheus metrics
|
||||
};
|
||||
prometheus = {
|
||||
enable = true;
|
||||
path = "/metrics";
|
||||
};
|
||||
queryLog.type = "none";
|
||||
};
|
||||
};
|
||||
|
||||
# This option defines the first version of NixOS you have installed on this particular machine,
|
||||
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
|
||||
#
|
||||
|
Loading…
x
Reference in New Issue
Block a user