add unbound

hosts/fw.cloonar.com/configuration.nix

@@ -14,6 +14,7 @@
     ./modules/networking.nix
     ./modules/firewall.nix
     ./modules/dhcp4.nix
+    ./modules/unbound.nix
     ./modules/avahi.nix
     ./modules/openconnect.nix
 

hosts/fw.cloonar.com/modules/unbound.nix

@@ -0,0 +1,116 @@
+{ ... }: {
+  services.unbound = {
+    enable = true;
+    server = {
+      interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ];
+    };
+    local-data = [
+      "localhost A 127.0.0.1"
+      "localhost.cloonar.com A 127.0.0.1"
+      "localhost AAAA ::1"
+      "localhost.cloonar.com AAAA ::1"
+      "fw.cloonar.com A 10.42.97.1"
+      "fw A 10.42.97.1"
+
+      "switch.cloonar.com IN A 10.42.97.10"
+      "drone.cloonar.com IN A 10.42.97.118"
+      "hv-02.cloonar.com IN A 10.42.97.3"
+      "home-assistant.cloonar.com IN A 10.42.97.20"
+      "deconz.cloonar.com IN A 10.42.97.20"
+      "mopidy.cloonar.com IN A 10.42.97.20"
+      "snapcast.cloonar.com IN A 10.42.97.20"
+      "cl-storage-01.cloonar.com IN A 10.42.97.9"
+      "git.cloonar.com IN A 10.42.97.118"
+
+      "stage.wsw.at IN A 10.254.235.22"
+      "prod.wsw.at IN A 10.254.217.23"
+      "piwik.wohnservice-wien.at IN A 10.254.240.109"
+      "wohnservice-wien.at IN A 10.254.240.109"
+      "mieterhilfe.at IN A 10.254.240.109"
+      "wohnpartner-wien.at IN A 10.254.240.109"
+      "wohnberatung-wien.at IN A 10.254.240.109"
+      "wienbautvor.at IN A 10.254.240.109"
+      "a.wohnservice-wien.at IN A 10.254.240.109"
+      "a.wohnpartner-wien.at IN A 10.254.240.109"
+      "a.stage.wohnservice-wien.at IN A 10.254.240.110"
+      "a.stage.mieterhilfe.at IN A 10.254.240.110"
+      "a.stage.wohnpartner-wien.at IN A 10.254.240.110"
+      "a.stage.wohnberatung-wien.at IN A 10.254.240.110"
+      "a.stage.wienbautvor.at IN A 10.254.240.110"
+      "a.stage.wienwohntbesser.at IN A 10.254.240.110"
+      "upgrade-staging.wohnservice-wien.at IN A 10.254.240.110"
+      "upgrade-staging.mieterhilfe.at IN A 10.254.240.110"
+      "upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110"
+      "upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110"
+      "upgrade-staging.wienbautvor.at IN A 10.254.240.110"
+      "upgrade-staging.wienwohntbesser.at IN A 10.254.240.110"
+
+      "testing.ebs.amz.at IN A 80.120.142.235"
+      "api.testing-ebs.amz.at IN A 80.120.142.235"
+
+      "metz.cloonar.com IN A 10.42.96.167"
+      "firetv-living.cloonar.com IN A 10.42.96.175"
+      "ps5-living.cloonar.com IN A 10.42.96.176"
+
+      "ddl-warez.to IN A 172.67.184.30"
+    ];
+    local-data-ptr = [
+      "127.0.0.1 localhost"
+      "::1 localhost"
+      "10.42.97.10 switch.cloonar.com"
+      "10.42.97.1 fw.cloonar.com"
+      "10.42.97.118 drone.cloonar.com"
+      "10.42.97.3 hv-02.cloonar.com"
+      "10.42.97.20 home-assistant.cloonar.com"
+      "10.42.97.9 cl-storage-01.cloonar.com"
+      "10.42.97.118 git.cloonar.com"
+
+
+      "10.254.235.22 stage.wsw.at"
+      "10.254.217.23 prod.wsw.at"
+      "10.254.240.109 wohnservice-wien.at"
+      "10.254.240.110 a.stage.wohnservice-wien.at"
+
+      "80.120.142.235 testing.ebs.amz.at"
+
+      "172.67.184.30 ddl-warez.to"
+    ];
+    forward-zone = [
+      {
+        name = ".";
+        forward-addr = "9.9.9.9#dns11.quad9.net";
+        forward-addr = "149.112.112.112#dns11.quad9.net"
+      }
+      {
+        name = "ghetto.at.local.";
+        forward-addr = [
+          "10.43.97.1"
+        ];
+      }
+      {
+        name = "epicenter.works.";
+        forward-addr = [
+          "10.50.60.1"
+        ];
+      }
+      {
+        name = "akvorrat.at.";
+        forward-addr = [
+          "10.50.60.1"
+        ];
+      }
+      {
+        name = "epicenter.intra.";
+        forward-addr = [
+          "10.14.1.1"
+        ];
+      }
+      {
+        name = "intra.epicenter.works.";
+        forward-addr = [
+          "10.14.1.1"
+        ];
+      }
+    ];
+  };
+}