Startsida Utforska Hjälp
Registrera dig Logga in
thatsmydoing
/
nixos-config
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Gren: master
Grenar Taggar
nixos-config
/
includes
/
local-dns
/
default.nix

default.nix 911 B
Permalänk Historik

1234567891011121314151617181920212223242526272829303132 
  1. { config, pkgs, ... }:
    2. 

  2. let
    3. 

  3.   local-dns = pkgs.runCommand "local-dns" {} ''
    4. 

  4.     mkdir -p $out/bin
    5. 

  5.     cp ${./local-dns} $out/bin/local-dns
    6. 

  6.   '';
    7. 

  7. in
    8. 

  8. {
    9. 

  9.   environment.systemPackages = [ local-dns ];
    10. 

  10. 

  11.   services.unbound = {
    12. 

  12.     enable = true;
    13. 

  13.     enableRootTrustAnchor = false;
    14. 

  14.     extraConfig = ''
    15. 

  15.       include: /var/lib/unbound/unbound-resolvconf.conf
    16. 

  16.       remote-control:
    17. 

  17.         control-enable: yes
    18. 

  18.         control-interface: /var/lib/unbound/unbound.sock
    19. 

  19.     '';
    20. 

  20.   };
    21. 

  21. 

  22.   # make unbound use unbound group instead so that the control socket is secure
    23. 

  23.   # instead of being in nogroup
    24. 

  24.   users.users.unbound.group = "unbound";
    25. 

  25.   users.groups.unbound = {};
    26. 

  26. 

  27.   # actually have openresolv update our DNS
    28. 

  28.   networking.resolvconf.extraConfig = ''
    29. 

  29.     unbound_conf=/var/lib/unbound/unbound-resolvconf.conf
    30. 

  30.     unbound_restart="${pkgs.unbound}/bin/unbound-control -c /var/lib/unbound/unbound.conf reload || true"
    31. 

  31.   '';
    32. 

  32. }
    33.