Added unbound DNS module + added to puter

hosts/puter/default.nix

@@ -24,6 +24,7 @@
     ../../modules/common/wine.nix
     ../../modules/common/libvirt.nix
     ../../modules/common/keyd.nix
+    ../../modules/common/unbound-cloud.nix
   ];
   networking.hostName = "puter";
   # This will be overridden by system/default.nix

modules/common/unbound-cloud.nix

@@ -0,0 +1,38 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.unbound = {
+    enable = true;
+    settings = {
+      server = {
+        # Listen only locally
+        interface = ["127.0.0.1"];
+        port = 5335;
+        access-control = ["127.0.0.1 allow"];
+
+        # Recommended hardening
+        harden-glue = true;
+        harden-dnssec-stripped = true;
+        use-caps-for-id = false;
+
+        # Performance
+        prefetch = true;
+        edns-buffer-size = 1232;
+
+        # Privacy
+        hide-identity = true;
+        hide-version = true;
+      };
+
+      forward-zone = [
+        {
+          name = ".";
+          forward-addr = ["dns.mycloudhaus.xyz@853"];
+          forward-tls-upstream = true; # Enable DoT
+        }
+      ];
+    };
+  };
+}