From 629c2abe167b0c21d6a0be68a3c3a4b3fb244b89 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Fri, 10 Nov 2023 20:27:39 +0100 Subject: [PATCH] add unbound --- hosts/fw.cloonar.com/configuration.nix | 1 + hosts/fw.cloonar.com/modules/unbound.nix | 116 +++++++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100644 hosts/fw.cloonar.com/modules/unbound.nix diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix index 4b8dda2..f50dd68 100644 --- a/hosts/fw.cloonar.com/configuration.nix +++ b/hosts/fw.cloonar.com/configuration.nix @@ -14,6 +14,7 @@ ./modules/networking.nix ./modules/firewall.nix ./modules/dhcp4.nix + ./modules/unbound.nix ./modules/avahi.nix ./modules/openconnect.nix diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix new file mode 100644 index 0000000..95313a0 --- /dev/null +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -0,0 +1,116 @@ +{ ... }: { + services.unbound = { + enable = true; + server = { + interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ]; + }; + local-data = [ + "localhost A 127.0.0.1" + "localhost.cloonar.com A 127.0.0.1" + "localhost AAAA ::1" + "localhost.cloonar.com AAAA ::1" + "fw.cloonar.com A 10.42.97.1" + "fw A 10.42.97.1" + + "switch.cloonar.com IN A 10.42.97.10" + "drone.cloonar.com IN A 10.42.97.118" + "hv-02.cloonar.com IN A 10.42.97.3" + "home-assistant.cloonar.com IN A 10.42.97.20" + "deconz.cloonar.com IN A 10.42.97.20" + "mopidy.cloonar.com IN A 10.42.97.20" + "snapcast.cloonar.com IN A 10.42.97.20" + "cl-storage-01.cloonar.com IN A 10.42.97.9" + "git.cloonar.com IN A 10.42.97.118" + + "stage.wsw.at IN A 10.254.235.22" + "prod.wsw.at IN A 10.254.217.23" + "piwik.wohnservice-wien.at IN A 10.254.240.109" + "wohnservice-wien.at IN A 10.254.240.109" + "mieterhilfe.at IN A 10.254.240.109" + "wohnpartner-wien.at IN A 10.254.240.109" + "wohnberatung-wien.at IN A 10.254.240.109" + "wienbautvor.at IN A 10.254.240.109" + "a.wohnservice-wien.at IN A 10.254.240.109" + "a.wohnpartner-wien.at IN A 10.254.240.109" + "a.stage.wohnservice-wien.at IN A 10.254.240.110" + "a.stage.mieterhilfe.at IN A 10.254.240.110" + "a.stage.wohnpartner-wien.at IN A 10.254.240.110" + "a.stage.wohnberatung-wien.at IN A 10.254.240.110" + "a.stage.wienbautvor.at IN A 10.254.240.110" + "a.stage.wienwohntbesser.at IN A 10.254.240.110" + "upgrade-staging.wohnservice-wien.at IN A 10.254.240.110" + "upgrade-staging.mieterhilfe.at IN A 10.254.240.110" + "upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110" + "upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110" + "upgrade-staging.wienbautvor.at IN A 10.254.240.110" + "upgrade-staging.wienwohntbesser.at IN A 10.254.240.110" + + "testing.ebs.amz.at IN A 80.120.142.235" + "api.testing-ebs.amz.at IN A 80.120.142.235" + + "metz.cloonar.com IN A 10.42.96.167" + "firetv-living.cloonar.com IN A 10.42.96.175" + "ps5-living.cloonar.com IN A 10.42.96.176" + + "ddl-warez.to IN A 172.67.184.30" + ]; + local-data-ptr = [ + "127.0.0.1 localhost" + "::1 localhost" + "10.42.97.10 switch.cloonar.com" + "10.42.97.1 fw.cloonar.com" + "10.42.97.118 drone.cloonar.com" + "10.42.97.3 hv-02.cloonar.com" + "10.42.97.20 home-assistant.cloonar.com" + "10.42.97.9 cl-storage-01.cloonar.com" + "10.42.97.118 git.cloonar.com" + + + "10.254.235.22 stage.wsw.at" + "10.254.217.23 prod.wsw.at" + "10.254.240.109 wohnservice-wien.at" + "10.254.240.110 a.stage.wohnservice-wien.at" + + "80.120.142.235 testing.ebs.amz.at" + + "172.67.184.30 ddl-warez.to" + ]; + forward-zone = [ + { + name = "."; + forward-addr = "9.9.9.9#dns11.quad9.net"; + forward-addr = "149.112.112.112#dns11.quad9.net" + } + { + name = "ghetto.at.local."; + forward-addr = [ + "10.43.97.1" + ]; + } + { + name = "epicenter.works."; + forward-addr = [ + "10.50.60.1" + ]; + } + { + name = "akvorrat.at."; + forward-addr = [ + "10.50.60.1" + ]; + } + { + name = "epicenter.intra."; + forward-addr = [ + "10.14.1.1" + ]; + } + { + name = "intra.epicenter.works."; + forward-addr = [ + "10.14.1.1" + ]; + } + ]; + }; +}