diff --git a/hosts/fw.cloonar.com/modules/dhcp4.nix b/hosts/fw.cloonar.com/modules/dhcp4.nix index 16cf2e9..12d4a59 100644 --- a/hosts/fw.cloonar.com/modules/dhcp4.nix +++ b/hosts/fw.cloonar.com/modules/dhcp4.nix @@ -39,7 +39,7 @@ } { name = "domain-name-servers"; - data = "10.42.97.2"; + data = "10.42.96.1"; } ]; reservations = [ @@ -79,7 +79,7 @@ } { name = "domain-name-servers"; - data = "10.42.97.2"; + data = "10.42.97.1"; } ]; reservations = [ @@ -104,7 +104,7 @@ } { name = "domain-name-servers"; - data = "10.42.97.2"; + data = "10.42.101.1"; } ]; reservations = [ @@ -139,7 +139,7 @@ } { name = "domain-name-servers"; - data = "10.42.97.2"; + data = "10.42.99.1"; } ]; } diff --git a/hosts/fw.cloonar.com/modules/networking.nix b/hosts/fw.cloonar.com/modules/networking.nix index 162b098..cb99ee7 100644 --- a/hosts/fw.cloonar.com/modules/networking.nix +++ b/hosts/fw.cloonar.com/modules/networking.nix @@ -23,7 +23,7 @@ networking = { useDHCP = false; - nameservers = [ "10.42.97.2" ]; + nameservers = [ "9.9.9.9" "149.112.112.112" ]; # Define VLANS vlans = { infrastructure = { diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index 9dc296e..1024f78 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -130,6 +130,17 @@ let ]; }; in { + services.unbound = { + enable = true; + settings = cfg // { + server.tls-cert-bundle = "/var/lib/acme/fw.cloonnar.com/fullchain.pem"; + }; + }; + security.acme.certs."fw.cloonar.com" = { + domain = "fw.cloonar.com"; + group = "unbound"; + }; + security.acme.certs."${domain}" = { domain = "${domain}"; group = "996";