From 66aac3ac19fab00a8830f2d72ec3e44c47a9f9b7 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Fri, 1 Dec 2023 00:47:06 +0100
Subject: [PATCH] add allow to unbound

---
 hosts/fw.cloonar.com/modules/unbound.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix
index 4eb366a..8ac1a39 100644
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -4,7 +4,14 @@
     settings = {
       server = {
         interface = [ "0.0.0.0" "::0" ];
-        access-control = [ "127.0.0.0/8" "10.42.96.0/24" "10.42.97.0/24" "10.42.98.0/24" "10.42.99.0/24" "10.42.254.0/24" ];
+        access-control = [
+          "127.0.0.0/8 allow"
+          "10.42.96.0/24 allow"
+          "10.42.97.0/24 allow"
+          "10.42.98.0/24 allow"
+          "10.42.99.0/24 allow"
+          "10.42.254.0/24 allow"
+        ];
         tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem";
         local-zone = "\"cloonar.com\" transparent";
         local-data = [