diff --git a/modules/unbound-auth.nix b/modules/unbound-auth.nix
deleted file mode 100644
index 5c0fbec..0000000
--- a/modules/unbound-auth.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- services.unbound = {
- settings = {
- auth-zone = [
- {
- name = "home.rpqt.fr.";
- zonefile = builtins.toFile "home.rpqt.fr.zone" ''
- $TTL 3600 ; 1 Hour
- $ORIGIN home.rpqt.fr.
- home.rpqt.fr. IN SOA ns1 admin.rpqt.fr. (
- 2025063000 ; serial
- 10800 ; refresh
- 3600 ; retry
- 604800 ; expire
- 300 ; minimum
- )
-
- @ 1D IN NS ns1.home.rpqt.fr.
- @ 1D IN NS ns2.home.rpqt.fr.
- @ 1D IN NS ns3.home.rpqt.fr.
-
- ns1 10800 IN CNAME crocus.home.rpqt.fr.
- ns2 10800 IN CNAME genepi.home.rpqt.fr.
- ns3 10800 IN CNAME verbena.home.rpqt.fr.
-
- crocus 10800 IN AAAA fd80:150d:17cc:2ae:6999:9380:150d:17cc
- genepi 10800 IN AAAA fd80:150d:17cc:2ae:6999:9358:3e0e:d738
- verbena 10800 IN AAAA fd80:150d:17cc:2ae:6999:9306:9a0e:c197
- haze 10800 IN AAAA fd80:150d:17cc:2ae:6999:935a:e8:b04d
- '';
- }
- ];
- };
- };
-}
diff --git a/modules/unbound.nix b/modules/unbound.nix
deleted file mode 100644
index a386ae4..0000000
--- a/modules/unbound.nix
+++ /dev/null
@@ -1,108 +0,0 @@
-{
- self,
- config,
- lib,
- ...
-}:
-let
- domain = "home.rpqt.fr";
- machines = {
- genepi = {
- subdomains = [
- "actual"
- "assistant"
- "glance"
- "grafana"
- "images"
- "lounge"
- "pinchflat"
- "rss"
- ];
- };
- crocus = {
- subdomains = [
- "cloud"
- ];
- };
- };
- zerotierInterface = "zts7mq7onf";
- machinesZerotierIpRecords =
- lib.map
- (
- host:
- ''"${host}.infra.rpqt.fr. 10800 IN AAAA ${
- self.nixosConfigurations.${host}.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value
- }"''
- )
- [
- "crocus"
- "genepi"
- ];
-in
-{
- services.resolved.enable = false;
-
- networking.firewall.interfaces.${zerotierInterface} = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-
- services.unbound = {
- enable = true;
- resolveLocalQueries = true;
- checkconf = true;
-
- settings = {
- server = {
- interface = [
- "127.0.0.1"
- "::1"
- "::0"
- ];
- access-control = [
- "127.0.0.1 allow"
- "${config.clan.core.networking.zerotier.subnet} allow"
- ];
- local-zone = [
- ''"*.home.rpqt.fr." redirect''
- ];
- local-data =
- # machinesZerotierIpRecords ++
- lib.concatMap (
- host:
- lib.map (
- subdomain:
- ''"${subdomain}.${domain}. 10800 IN AAAA ${
- self.nixosConfigurations.${host}.config.clan.core.vars.generators.zerotier.files.zerotier-ip.value
- }"''
- ) machines.${host}.subdomains
- ) (lib.attrNames machines);
- private-address = [
- "127.0.0.1/8"
- "${config.clan.core.networking.zerotier.subnet}"
- ];
- private-domain = [
- "home.rpqt.fr"
- ];
- };
- forward-zone = [
- {
- name = ".";
- forward-tls-upstream = true;
- forward-addr = [
- "9.9.9.9#dns.quad9.net"
- "149.112.112.112#dns.quad9.net"
- "1.1.1.1@853#cloudflare-dns.com"
- "1.0.0.1@853#cloudflare-dns.com"
- "2606:4700:4700::1111@853#cloudflare-dns.com"
- "2606:4700:4700::1001@853#cloudflare-dns.com"
- "8.8.8.8#dns.google"
- "8.8.4.4#dns.google"
- "2001:4860:4860::8888#dns.google"
- "2001:4860:4860::8844#dns.google"
- ];
- }
- ];
- };
- };
-}