From f9c1d9a0278861f68a09fc19907071a9982ede9b Mon Sep 17 00:00:00 2001
From: Zuma
Date: Wed, 5 Nov 2025 13:36:42 +0100
Subject: [PATCH] Feat: Add Unbound DNS resolver
---
 configuration.nix | 64 +++++++++++++++++++++++++++++++----------------
 1 file changed, 42 insertions(+), 22 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index c49f15b..c94b135 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -73,28 +73,28 @@ users.motd = '' -⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡾⠛⠻⣦⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ -⠀⠀⢀⣤⢤⠤⣄⣀⣤⡴⢞⡝⠙⠾⣇⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣾⠯⣈⢹⢷⣄⡀⠀⠀⠀⢀⣠⣶⡾⠷⠲⢻⡄⠀⠀⠀⣀⣀⡀⠀⠀⠀⠀ -⠀⣴⢛⠱⣰⠓⢛⣿⠟⠒⠊⢠⠒⠦⠙⢷⢶⢶⢶⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠞⣋⣵⡗⣾⣉⣟⣤⠍⢻⡆⠀⣴⢟⢭⠀⠀⣀⡀⠈⠙⣦⠀⠀⣿⡈⣷⡀⠀⠀⠀ -⠀⢿⡘⠒⠻⡍⢉⡏⠀⠀⠀⡰⠚⡄⠀⢈⣧⠹⠈⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⡯⣴⣾⣿⣿⣧⠏⣧⠤⡟⠦⢈⡻⣾⢇⢷⠈⠀⡠⠥⠸⠀⠀⠘⣧⣰⡟⠁⠈⠻⡷⣦⡀ -⠀⠘⢷⡄⠠⠃⢿⡁⢠⣦⣄⣷⣀⠇⠀⣌⣇⡀⠀⠙⣉⡷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠳⠯⠿⠟⠃⠀⠙⠚⠳⢾⡎⠀⣹⢬⣟⣀⢰⢁⣤⠇⠀⠀⠀⣼⠿⠃⠊⠉⠁⣫⡴⠟ -⠀⠀⠈⢿⣄⠀⡼⠳⡸⣼⡘⠛⠟⢊⣕⣛⡣⠈⢳⡞⠃⠀⠀⠀⠀⠀⠀⢀⣀⠀⠀⠀⠀⠀⠀⠀⣤⠶⣤⠀⣀⣀⣘⣻⣦⢯⣷⣮⣣⠑⠿⠯⣒⣢⢀⡜⠉⢣⣠⡶⠶⠛⠉⠀⠀ -⠀⠀⠀⢸⣏⠖⠁⠀⠙⢿⣿⣯⣿⡿⠿⠟⢛⣤⠞⠁⠀⠀⠀⠀⠀⠀⣼⣿⣿⣷⡄⠀⠀⠀⠀⠀⢹⣦⠘⠛⠭⣋⠝⣿⠈⢷⡈⣿⣿⣷⣶⡶⡵⠕⠋⠀⢀⣘⣼⠁⠀⠀⠀⠀⠀ -⠀⠀⠀⠀⠉⠹⢦⡀⠀⠀⠻⠿⠯⡦⣄⣰⡟⠁⠀⣠⢤⡄⠀⠀⠀⢀⣿⠿⠛⠋⢿⣿⣶⣤⡀⠀⠀⣧⣠⠖⠂⠘⣰⡟⠀⠈⢷⡱⣿⣿⣟⠜⠀⠀⣠⠶⠋⠁⠀⠀⠀⠀⠀⠀⠀ -⢀⡤⠴⠟⠉⠻⣤⣝⢶⣄⠀⠀⠀⠀⠈⢻⡄⠀⠐⣷⠈⢷⡀⠀⢠⣾⠵⠀⠀⠔⢆⠈⠉⢿⣿⡆⣿⡏⠈⢀⣴⠾⠋⠀⠀⠀⣼⠃⠙⠆⠀⠀⣠⠞⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ -⢸⠁⠀⠀⠀⠀⢠⣟⢠⡽⠁⠀⠀⠀⢀⡠⣿⣦⣾⠏⣀⡀⢷⣦⣿⠱⡇⠀⢠⠒⡜⠀⠀⠀⢿⣿⡟⠛⢤⡞⣧⠀⠀⠀⠀⠀⡟⠀⠀⠀⠀⠰⠻⣦⣀⣀⣤⡀⠀⠀⠀⠀⠀⠀⠀ -⠸⠀⠀⠀⠀⠀⡞⠉⢫⠓⠂⠤⠐⠚⠉⠀⢹⡿⣺⡈⠁⣰⠀⡿⣻⣻⣇⡀⡇⣠⡅⠀⠀⠀⢸⠏⠀⠀⣠⡿⠋⠀⠀⠀⠀⢰⣯⠤⣀⡀⠀⢀⡰⠃⠙⢝⢝⡇⠀⠀⠀⠀⠀⠀⠀ -⠰⣇⠀⠀⠀⢠⣵⣧⣸⡀⠀⠀⠀⠀⠀⠀⣿⣯⡤⠶⠚⢿⣱⢛⢾⣶⣿⣊⠺⠿⢵⣶⡾⣠⠋⠀⣠⣾⠋⠀⠀⠀⠀⠀⠀⠈⢻⡄⠀⠈⠉⠁⠀⠀⠀⠈⣼⠁⠀⠀⠀⠀⠀⠀⠀ -⠀⠙⣦⡀⠀⣸⢻⡛⡝⠀⠀⠀⠀⠀⢀⣼⠏⠀⠀⠀⠀⠈⠛⠋⠙⢻⣿⣿⣿⣿⣿⡯⠏⠚⠀⠈⠉⠙⣷⣀⣤⡀⠀⠀⠀⠀⠈⢻⣄⡀⠀⠀⠀⢰⡰⣾⠃⠀⠀⠀⠀⠀⠀⠀⠀ -⠀⠀⠈⠉⠉⠁⠈⣧⣤⠴⢶⡤⠔⣲⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⢿⣿⡿⠟⢿⡅⠀⠀⠀⠀⣠⠇⠹⣋⢿⠀⠀⠀⠀⠀⠀⠹⣏⠑⣶⣶⡏⢰⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀ -⠀⠀⠀⠀⠀⠀⠀⠈⣡⡶⠛⠁⢴⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣷⠤⠤⠤⠖⠁⠀⠀⢀⣮⠄⠀⠀⠀⠀⠀⣰⠟⠀⢹⠟⠀⠚⣧⠀⠀⠀⠀⠀⠀⠀⠀⠀ -⠀⠀⠀⠀⠀⠀⠀⣴⠋⠀⠀⠀⢸⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢻⡄⠀⠀⠀⠀⠀⢨⠞⢿⡀⠀⠀⠀⣀⣴⠋⠀⠀⡞⠀⠀⠀⠙⣧⡀⠀⠀⠀⠀⠀⠀⠀ -⠀⠀⠀⠀⠀⠀⢰⡏⠀⢀⣀⣀⢸⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣤⡴⠋⢈⡦⣤⣀⣠⡤⠚⠇⠈⡇⠀⢸⣏⣉⣀⡀⠀⠀⡇⠀⠀⠀⠀⠈⠛⢶⡀⠀⠀⠀⠀⠀ -⠀⠀⠀⠀⠀⠀⢸⣆⢀⣀⣀⣀⣤⣹⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⣶⠒⠒⠛⠋⠉⠀⠀⢚⣿⠀⠀⠀⣿⠀⠉⠁⠹⢧⣤⣤⡙⠚⠓⠻⠶⠞⠻⣄⣴⣶⣤⣶⠞⠛⠁⠀⠀⠀⠀⠀ -⠀⠀⠀⠀⠀⠀⠀⠉⠉⠙⠛⠚⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣷⣦⣤⣀⠀⠀⣠⡾⠃⠀⠀⠀⢹⡆⠀⠀⣀⣠⣴⡾⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ -⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠓⠒⠛⠁⠀⠀⠀⠀⠀⠀⠙⠒⠚⠋⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡾⠛⠻⣦⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⢀⣤⢤⠤⣄⣀⣤⡴⢞⡝⠙⠾⣇⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣾⠯⣈⢹⢷⣄⡀⠀⠀⠀⢀⣠⣶⡾⠷⠲⢻⡄⠀⠀⠀⣀⣀⡀⠀⠀⠀⠀ + ⠀⣴⢛⠱⣰⠓⢛⣿⠟⠒⠊⢠⠒⠦⠙⢷⢶⢶⢶⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠞⣋⣵⡗⣾⣉⣟⣤⠍⢻⡆⠀⣴⢟⢭⠀⠀⣀⡀⠈⠙⣦⠀⠀⣿⡈⣷⡀⠀⠀⠀ + ⠀⢿⡘⠒⠻⡍⢉⡏⠀⠀⠀⡰⠚⡄⠀⢈⣧⠹⠈⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⡯⣴⣾⣿⣿⣧⠏⣧⠤⡟⠦⢈⡻⣾⢇⢷⠈⠀⡠⠥⠸⠀⠀⠘⣧⣰⡟⠁⠈⠻⡷⣦⡀ + ⠀⠘⢷⡄⠠⠃⢿⡁⢠⣦⣄⣷⣀⠇⠀⣌⣇⡀⠀⠙⣉⡷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠳⠯⠿⠟⠃⠀⠙⠚⠳⢾⡎⠀⣹⢬⣟⣀⢰⢁⣤⠇⠀⠀⠀⣼⠿⠃⠊⠉⠁⣫⡴⠟ + ⠀⠀⠈⢿⣄⠀⡼⠳⡸⣼⡘⠛⠟⢊⣕⣛⡣⠈⢳⡞⠃⠀⠀⠀⠀⠀⠀⢀⣀⠀⠀⠀⠀⠀⠀⠀⣤⠶⣤⠀⣀⣀⣘⣻⣦⢯⣷⣮⣣⠑⠿⠯⣒⣢⢀⡜⠉⢣⣠⡶⠶⠛⠉⠀⠀ + ⠀⠀⠀⢸⣏⠖⠁⠀⠙⢿⣿⣯⣿⡿⠿⠟⢛⣤⠞⠁⠀⠀⠀⠀⠀⠀⣼⣿⣿⣷⡄⠀⠀⠀⠀⠀⢹⣦⠘⠛⠭⣋⠝⣿⠈⢷⡈⣿⣿⣷⣶⡶⡵⠕⠋⠀⢀⣘⣼⠁⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠉⠹⢦⡀⠀⠀⠻⠿⠯⡦⣄⣰⡟⠁⠀⣠⢤⡄⠀⠀⠀⢀⣿⠿⠛⠋⢿⣿⣶⣤⡀⠀⠀⣧⣠⠖⠂⠘⣰⡟⠀⠈⢷⡱⣿⣿⣟⠜⠀⠀⣠⠶⠋⠁⠀⠀⠀⠀⠀⠀⠀ + ⢀⡤⠴⠟⠉⠻⣤⣝⢶⣄⠀⠀⠀⠀⠈⢻⡄⠀⠐⣷⠈⢷⡀⠀⢠⣾⠵⠀⠀⠔⢆⠈⠉⢿⣿⡆⣿⡏⠈⢀⣴⠾⠋⠀⠀⠀⣼⠃⠙⠆⠀⠀⣠⠞⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + 
⢸⠁⠀⠀⠀⠀⢠⣟⢠⡽⠁⠀⠀⠀⢀⡠⣿⣦⣾⠏⣀⡀⢷⣦⣿⠱⡇⠀⢠⠒⡜⠀⠀⠀⢿⣿⡟⠛⢤⡞⣧⠀⠀⠀⠀⠀⡟⠀⠀⠀⠀⠰⠻⣦⣀⣀⣤⡀⠀⠀⠀⠀⠀⠀⠀ + ⠸⠀⠀⠀⠀⠀⡞⠉⢫⠓⠂⠤⠐⠚⠉⠀⢹⡿⣺⡈⠁⣰⠀⡿⣻⣻⣇⡀⡇⣠⡅⠀⠀⠀⢸⠏⠀⠀⣠⡿⠋⠀⠀⠀⠀⢰⣯⠤⣀⡀⠀⢀⡰⠃⠙⢝⢝⡇⠀⠀⠀⠀⠀⠀⠀ + ⠰⣇⠀⠀⠀⢠⣵⣧⣸⡀⠀⠀⠀⠀⠀⠀⣿⣯⡤⠶⠚⢿⣱⢛⢾⣶⣿⣊⠺⠿⢵⣶⡾⣠⠋⠀⣠⣾⠋⠀⠀⠀⠀⠀⠀⠈⢻⡄⠀⠈⠉⠁⠀⠀⠀⠈⣼⠁⠀⠀⠀⠀⠀⠀⠀ + ⠀⠙⣦⡀⠀⣸⢻⡛⡝⠀⠀⠀⠀⠀⢀⣼⠏⠀⠀⠀⠀⠈⠛⠋⠙⢻⣿⣿⣿⣿⣿⡯⠏⠚⠀⠈⠉⠙⣷⣀⣤⡀⠀⠀⠀⠀⠈⢻⣄⡀⠀⠀⠀⢰⡰⣾⠃⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠈⠉⠉⠁⠈⣧⣤⠴⢶⡤⠔⣲⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⢿⣿⡿⠟⢿⡅⠀⠀⠀⠀⣠⠇⠹⣋⢿⠀⠀⠀⠀⠀⠀⠹⣏⠑⣶⣶⡏⢰⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠈⣡⡶⠛⠁⢴⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣷⠤⠤⠤⠖⠁⠀⠀⢀⣮⠄⠀⠀⠀⠀⠀⣰⠟⠀⢹⠟⠀⠚⣧⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⣴⠋⠀⠀⠀⢸⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢻⡄⠀⠀⠀⠀⠀⢨⠞⢿⡀⠀⠀⠀⣀⣴⠋⠀⠀⡞⠀⠀⠀⠙⣧⡀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⢰⡏⠀⢀⣀⣀⢸⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣤⡴⠋⢈⡦⣤⣀⣠⡤⠚⠇⠈⡇⠀⢸⣏⣉⣀⡀⠀⠀⡇⠀⠀⠀⠀⠈⠛⢶⡀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⢸⣆⢀⣀⣀⣀⣤⣹⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⣶⠒⠒⠛⠋⠉⠀⠀⢚⣿⠀⠀⠀⣿⠀⠉⠁⠹⢧⣤⣤⡙⠚⠓⠻⠶⠞⠻⣄⣴⣶⣤⣶⠞⠛⠁⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠉⠉⠙⠛⠚⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣷⣦⣤⣀⠀⠀⣠⡾⠃⠀⠀⠀⢹⡆⠀⠀⣀⣠⣴⡾⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠓⠒⠛⠁⠀⠀⠀⠀⠀⠀⠙⠒⠚⠋⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ -=============== Bienvenue dans la filouterie ==================== + =============== Bienvenue dans la filouterie ==================== ''; @@ -116,11 +116,31 @@ # Open ports in the firewall. networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ + networking.firewall.allowedTCPPorts = [ 22 # SSH ]; # networking.firewall.allowedUDPPorts = [ ... ]; + services.unbound = { + enable = true; + settings = { + server = { + interface = [ + "127.0.0.1" + "172.17.0.1" + ]; # 172.17.0.1 is docker container network mask + verbosity = 1; + access-control = [ + "127.0.0.0/8 allow" + "172.17.0.1/16 allow" + "192.168.0.0/16 allow" + ]; + }; + }; + resolveLocalQueries = true; + }; + services.resolved.enable = false; + # Garbage collection to remove old NixOs iterations nix.gc = { automatic = true;
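Review bot: The `access-control` list under `services.unbound.settings.server` is wider than the `interface` list: `"192.168.0.0/16 allow"` admits LAN clients although the resolver binds only `127.0.0.1` and `172.17.0.1`, so the entry has no effect today and would expose recursion to the whole LAN as soon as another interface is added. I would drop that entry until a LAN listener is actually wanted, and write the Docker range with its network address, `"172.17.0.0/16 allow"`. The trailing comment on the `interface` list would be more accurate as `# 172.17.0.1 is the docker0 bridge address (the gateway containers see)`, since it is an address rather than a mask. Separately, the firewall lines in this hunk still allow only TCP 22, so unless the Docker bridge is trusted elsewhere in the file, container queries to 172.17.0.1 on port 53 will probably be dropped; if they are meant to work, open 53/udp and 53/tcp for that interface only (`networking.firewall.interfaces.<bridge>.allowedUDPPorts` and `allowedTCPPorts`), not globally.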