{ config, ... }: { services.unbound = { enable = true; settings = { server = { interface = [ "127.0.0.1" "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ]; # tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem"; }; # local-zone = "cloonar.com transparent"; # local-data = [ # "\"localhost A 127.0.0.1\"" # "localhost.cloonar.com A 127.0.0.1" # "localhost AAAA ::1" # "localhost.cloonar.com AAAA ::1" # "fw.cloonar.com A 10.42.97.1" # "fw A 10.42.97.1" # # "switch.cloonar.com IN A 10.42.97.10" # "drone.cloonar.com IN A 10.42.97.118" # "hv-02.cloonar.com IN A 10.42.97.3" # "home-assistant.cloonar.com IN A 10.42.97.20" # "deconz.cloonar.com IN A 10.42.97.20" # "mopidy.cloonar.com IN A 10.42.97.20" # "snapcast.cloonar.com IN A 10.42.97.20" # "cl-storage-01.cloonar.com IN A 10.42.97.9" # "git.cloonar.com IN A 10.42.97.118" # # "stage.wsw.at IN A 10.254.235.22" # "prod.wsw.at IN A 10.254.217.23" # "piwik.wohnservice-wien.at IN A 10.254.240.109" # "wohnservice-wien.at IN A 10.254.240.109" # "mieterhilfe.at IN A 10.254.240.109" # "wohnpartner-wien.at IN A 10.254.240.109" # "wohnberatung-wien.at IN A 10.254.240.109" # "wienbautvor.at IN A 10.254.240.109" # "a.wohnservice-wien.at IN A 10.254.240.109" # "a.wohnpartner-wien.at IN A 10.254.240.109" # "a.stage.wohnservice-wien.at IN A 10.254.240.110" # "a.stage.mieterhilfe.at IN A 10.254.240.110" # "a.stage.wohnpartner-wien.at IN A 10.254.240.110" # "a.stage.wohnberatung-wien.at IN A 10.254.240.110" # "a.stage.wienbautvor.at IN A 10.254.240.110" # "a.stage.wienwohntbesser.at IN A 10.254.240.110" # "upgrade-staging.wohnservice-wien.at IN A 10.254.240.110" # "upgrade-staging.mieterhilfe.at IN A 10.254.240.110" # "upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110" # "upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110" # "upgrade-staging.wienbautvor.at IN A 10.254.240.110" # "upgrade-staging.wienwohntbesser.at IN A 10.254.240.110" # # "testing.ebs.amz.at IN A 80.120.142.235" # "api.testing-ebs.amz.at IN A 80.120.142.235" # # "metz.cloonar.com IN A 10.42.96.167" # "firetv-living.cloonar.com IN A 10.42.96.175" # "ps5-living.cloonar.com IN A 10.42.96.176" # # "ddl-warez.to IN A 172.67.184.30" # ]; # local-data-ptr = [ # "127.0.0.1 localhost" # "::1 localhost" # "10.42.97.10 switch.cloonar.com" # "10.42.97.1 fw.cloonar.com" # "10.42.97.118 drone.cloonar.com" # "10.42.97.3 hv-02.cloonar.com" # "10.42.97.20 home-assistant.cloonar.com" # "10.42.97.9 cl-storage-01.cloonar.com" # "10.42.97.118 git.cloonar.com" # # "10.254.235.22 stage.wsw.at" # "10.254.217.23 prod.wsw.at" # "10.254.240.109 wohnservice-wien.at" # "10.254.240.110 a.stage.wohnservice-wien.at" # # "80.120.142.235 testing.ebs.amz.at" # # "172.67.184.30 ddl-warez.to" # ]; forward-zone = [ { name = "."; forward-addr = [ "10.44.96.1" # "9.9.9.9#dns11.quad9.net" # "149.112.112.112#dns11.quad9.net" ]; } { name = "ghetto.at.local."; forward-addr = [ "10.43.97.1" ]; } { name = "epicenter.works."; forward-addr = [ "10.50.60.1" ]; } { name = "akvorrat.at."; forward-addr = [ "10.50.60.1" ]; } { name = "epicenter.intra."; forward-addr = [ "10.14.1.1" ]; } { name = "intra.epicenter.works."; forward-addr = [ "10.14.1.1" ]; } ]; }; }; security.acme.certs.fw = { domain = "fw.cloonar.com"; group = config.services.unbound.group; }; }