homefree/homefree
1
0
Fork 0
Code Issues 66 Pull requests Projects 2 Releases Packages Wiki Activity Actions

unbound conf cleanup

Browse source
This commit is contained in:
Ellis Rahhal 2024-11-17 21:28:16 -08:00
parent 596cc1e2e7
commit 3240c35efb
1 changed files with 48 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
profiles/unbound.nix
View file

@ -2,6 +2,9 @@
let let
adlist = homefree-inputs.adblock-unbound.packages.${pkgs.system}; adlist = homefree-inputs.adblock-unbound.packages.${pkgs.system};
zones = [config.homefree.system.domain] ++ config.homefree.system.additionalDomains; zones = [config.homefree.system.domain] ++ config.homefree.system.additionalDomains;
preStart = ''
touch /run/unbound/include.conf
'';
in in
{ {
## See: https://blog.josefsson.org/2015/10/26/combining-dnsmasq-and-unbound/ ## See: https://blog.josefsson.org/2015/10/26/combining-dnsmasq-and-unbound/
@ -10,6 +13,12 @@ in
## nbound does support simple authoritative hosting with local-zone config. ## nbound does support simple authoritative hosting with local-zone config.
## For a proper authoritative DNS, look at NSD. ## For a proper authoritative DNS, look at NSD.
systemd.services.unbound = {
serviceConfig = {
ExecStartPre = [ "!${pkgs.writeShellScript "unbound-prestart" preStart}" ];
};
};
services.unbound = { services.unbound = {
enable = true; enable = true;
@ -21,6 +30,10 @@ in
server = { server = {
include = [ include = [
"\"${adlist.unbound-adblockStevenBlack}\"" "\"${adlist.unbound-adblockStevenBlack}\""
## Include run-time config, such as WAN ip mappings
## @TODO: Update this with ddclient scripts
## @TODO: Remove WAN entries from bare hostname maps below
"\"/run/unbound/include.conf\""
]; ];
port = 53530; port = 53530;
interface = [ interface = [
@ -57,8 +70,10 @@ in
"\"localhost AAAA ::1\"" "\"localhost AAAA ::1\""
] ]
++ ++
## add localhost.<zone> for all configured zones
(lib.map (zone: "\"localhost.${zone} IN A 127.0.0.1\"") zones) (lib.map (zone: "\"localhost.${zone} IN A 127.0.0.1\"") zones)
++ ++
## add <hostname>.<zone> for all configured zones
(lib.map (zone: "\"${config.homefree.system.hostName}.${zone} IN A 127.0.0.1\"") zones) (lib.map (zone: "\"${config.homefree.system.hostName}.${zone} IN A 127.0.0.1\"") zones)
++ ++
# Add DNS overrides # Add DNS overrides
@ -70,15 +85,36 @@ in
) config.homefree.network.dns-overrides ) config.homefree.network.dns-overrides
) )
++ ++
# Point URLs to internal IP when on LAN # Point proxy URLs to internal IP when on LAN
(lib.map (fqn: (lib.map
"\"${fqn} IN A 10.0.0.1\"" (fqn: "\"${fqn} IN A 10.0.0.1\"")
) (lib.flatten (lib.map (proxy-config: ## Flatten to single list
let ## e.g. [ "hij.lmnop" "hij".xyz" "abc.lmnop" "abc.xyz" "def.lmnop" "def.xyz" ]
domains = proxy-config.http-domains ++ proxy-config.https-domains; (lib.flatten
in ## Map across all proxy configs with public proxies filtered out,
lib.flatten (lib.map (subdomain: (lib.map (domain: "${subdomain}.${domain}") domains)) proxy-config.subdomains) ## creating list of lists
) (lib.filter (proxy-config: proxy-config.public == false) config.homefree.proxied-hosts))) ## e.g. [ [ "hij.lmnop" "hij".xyz" ] [ "abc.lmnop" "abc.xyz" "def.lmnop" "def.xyz" ] ]
(lib.map
(proxy-config:
## Flatten subdomain-domain combinations for individual proxy into single list
## e.g. [ "abc.lmnop" "abc.xyz" "def.lmnop" "def.xyz" ]
lib.flatten
## Create all subdomain-domain combinations, grouped by subdomain
## e.g. [ [ "abc.lmnop" "abc.xyz" ] [ "def.lmnop" "def.xyz" ]]
(lib.map
(subdomain:
# Create <subdomain>.<domain> fqn string
(lib.map
(domain: "${subdomain}.${domain}")
(proxy-config.http-domains ++ proxy-config.https-domains)
)
)
proxy-config.subdomains
)
)
(lib.filter (proxy-config: proxy-config.public == false) config.homefree.proxied-hosts)
)
)
) )
++ ++
## router lan ip with public domains ## router lan ip with public domains
@ -106,11 +142,11 @@ in
++ ++
## Bare hostname maps ## Bare hostname maps
[ [
## router wan IP ## router wan IP - @TODO - THIS NEEDS TO BE DYNAMIC
"\"${config.homefree.system.hostName} IN A 104.182.229.64\"" "\"${config.homefree.system.hostName} IN A 104.182.229.64\""
## router wan ipv6 IP ## router wan ipv6 IP - @TODO - THESE ARE WRONG
"\"${config.homefree.system.hostName} IN AAAA 2600:1700:ab00:4650:2e0:67ff:fe22:3e62\"" "\"${config.homefree.system.hostName} IN AAAA 2600:1700:ab00:4650:2e0:67ff:fe22:3e62\""
## ?? ## ??? @TODO - WHAT IS THIS?
"\"${config.homefree.system.hostName} IN AAAA 2600:1700:ab00:465f:2e0:67ff:fe22:3e63\"" "\"${config.homefree.system.hostName} IN AAAA 2600:1700:ab00:465f:2e0:67ff:fe22:3e63\""
] ]
++ ++