Added unbound DNS module + added to puter

2026-01-16 18:44:57 +02:00
parent 0636381047
commit f23ad4b0ee
2 changed files with 39 additions and 0 deletions
--- a/hosts/puter/default.nix
+++ b/hosts/puter/default.nix
@@ -24,6 +24,7 @@
    ../../modules/common/wine.nix
    ../../modules/common/libvirt.nix
    ../../modules/common/keyd.nix
+    ../../modules/common/unbound-cloud.nix
  ];
  networking.hostName = "puter";
  # This will be overridden by system/default.nix
--- a/modules/common/unbound-cloud.nix
+++ b/modules/common/unbound-cloud.nix
@@ -0,0 +1,38 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.unbound = {
+    enable = true;
+    settings = {
+      server = {
+        # Listen only locally
+        interface = ["127.0.0.1"];
+        port = 5335;
+        access-control = ["127.0.0.1 allow"];
+
+        # Recommended hardening
+        harden-glue = true;
+        harden-dnssec-stripped = true;
+        use-caps-for-id = false;
+
+        # Performance
+        prefetch = true;
+        edns-buffer-size = 1232;
+
+        # Privacy
+        hide-identity = true;
+        hide-version = true;
+      };
+
+      forward-zone = [
+        {
+          name = ".";
+          forward-addr = ["dns.mycloudhaus.xyz@853"];
+          forward-tls-upstream = true; # Enable DoT
+        }
+      ];
+    };
+  };
+}