| author | Baitinq <[email protected]> | 2025-08-25 19:51:20 +0200 |
|---|---|---|
| committer | Baitinq <[email protected]> | 2025-08-25 19:51:20 +0200 |
| commit | d8b2a31d59ea3023c5ad54a064a9c162efdc2980 (patch) | |
| tree | 69de650c5900b2cb403547ea7e65160677dfc8ad | |
| parent | Hardware: PC: Enable cuda support for packages (diff) | |
Hardware: Improve unbound
| -rw-r--r-- | hosts/configuration.nix | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/hosts/configuration.nix b/hosts/configuration.nix
index dd173f9..0582ed2 100644
--- a/hosts/configuration.nix
+++ b/hosts/configuration.nix
@@ -54,7 +54,6 @@
 extraHosts = builtins.readFile "${inputs.hosts}/hosts";
 dhcpcd.enable = true;
 resolvconf.enable = true;
- nameservers = ["127.0.0.1"];
 firewall = {
 enable = true;
 allowedTCPPorts = [80 22 9090];
@@ -182,7 +181,34 @@
 ];
 };
 gnome.gnome-keyring.enable = true;
- unbound.enable = true;
+ unbound = {
+ enable = true;
+ settings = {
+ server = {
+ # Based on recommended settings in https://docs.pi-hole.net/guides/dns/unbound/#configure-unbound
+ harden-glue = true;
+ harden-dnssec-stripped = true;
+ use-caps-for-id = false;
+ prefetch = true;
+ edns-buffer-size = 1232;
+
+ # Custom settings
+ hide-identity = true;
+ hide-version = true;
+ };
+ forward-zone = [
+ # Example config with quad9
+ {
+ name = ".";
+ forward-addr = [
+ "1.1.1.1#cloudflare-dns.com"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+ forward-tls-upstream = true; # Protected DNS
+ }
+ ];
+ };
+ };
 dbus.enable = true;
 irqbalance.enable = true;
 fwupd.enable = true;
|
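Review bot: The comment `# Example config with quad9` in the new `forward-zone` entry does not match the forwarders below it, which are Cloudflare (`1.1.1.1#cloudflare-dns.com`, `1.0.0.1#cloudflare-dns.com`). That comment is what tells a reader where every query leaves the host, so it should read something like `# Forward all zones to Cloudflare over DNS-over-TLS; the #name is the certificate name unbound verifies`. The hunk sets `forward-tls-upstream = true` but no `tls-cert-bundle`, so authenticating the upstream depends on a CA bundle configured elsewhere, presumably the NixOS module default; that is worth confirming and recording in a comment next to `# Protected DNS`. Both forwarders belong to one provider and are IPv4 only, so resolution has no fallback if that provider is unreachable. The surrounding `services` block starts and ends outside the hunk.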