Home Explore Help
Register Sign In
thatsmydoing
/
nixos-config
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ef63079be0
Branches Tags
nixos-config
/
includes
/
local-dns
/
default.nix

default.nix 876 B
History Raw

12345678910111213141516171819202122232425262728293031 
  1. { config, pkgs, ... }:
    2. 

  2. let
    3. 

  3.   local-dns = pkgs.runCommand "local-dns" {} ''
    4. 

  4.     mkdir -p $out/bin
    5. 

  5.     cp ${./local-dns} $out/bin/local-dns
    6. 

  6.   '';
    7. 

  7. in
    8. 

  8. {
    9. 

  9.   environment.systemPackages = [ local-dns ];
    10. 

  10. 

  11.   services.unbound = {
    12. 

  12.     enable = true;
    13. 

  13.     extraConfig = ''
    14. 

  14.       include: /var/lib/unbound/unbound-resolvconf.conf
    15. 

  15.       remote-control:
    16. 

  16.         control-enable: yes
    17. 

  17.         control-interface: /var/lib/unbound/unbound.sock
    18. 

  18.     '';
    19. 

  19.   };
    20. 

  20. 

  21.   # make unbound use unbound group instead so that the control socket is secure
    22. 

  22.   # instead of being in nogroup
    23. 

  23.   users.users.unbound.group = "unbound";
    24. 

  24.   users.groups.unbound = {};
    25. 

  25. 

  26.   # actually have openresolv update our DNS
    27. 

  27.   networking.resolvconf.extraConfig = ''
    28. 

  28.     unbound_conf=/var/lib/unbound/unbound-resolvconf.conf
    29. 

  29.     unbound_restart="${pkgs.unbound}/bin/unbound-control -c /var/lib/unbound/unbound.conf reload || true"
    30. 

  30.   '';
    31. 

  31. }
    32.