Feat: Add Unbound DNS resolver

configuration.nix

@@ -73,28 +73,28 @@
 
   users.motd = ''
 
-⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡾⠛⠻⣦⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+    ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡾⠛⠻⣦⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
-⠀⠀⢀⣤⢤⠤⣄⣀⣤⡴⢞⡝⠙⠾⣇⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣾⠯⣈⢹⢷⣄⡀⠀⠀⠀⢀⣠⣶⡾⠷⠲⢻⡄⠀⠀⠀⣀⣀⡀⠀⠀⠀⠀
+    ⠀⠀⢀⣤⢤⠤⣄⣀⣤⡴⢞⡝⠙⠾⣇⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣾⠯⣈⢹⢷⣄⡀⠀⠀⠀⢀⣠⣶⡾⠷⠲⢻⡄⠀⠀⠀⣀⣀⡀⠀⠀⠀⠀
-⠀⣴⢛⠱⣰⠓⢛⣿⠟⠒⠊⢠⠒⠦⠙⢷⢶⢶⢶⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠞⣋⣵⡗⣾⣉⣟⣤⠍⢻⡆⠀⣴⢟⢭⠀⠀⣀⡀⠈⠙⣦⠀⠀⣿⡈⣷⡀⠀⠀⠀
+    ⠀⣴⢛⠱⣰⠓⢛⣿⠟⠒⠊⢠⠒⠦⠙⢷⢶⢶⢶⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠞⣋⣵⡗⣾⣉⣟⣤⠍⢻⡆⠀⣴⢟⢭⠀⠀⣀⡀⠈⠙⣦⠀⠀⣿⡈⣷⡀⠀⠀⠀
-⠀⢿⡘⠒⠻⡍⢉⡏⠀⠀⠀⡰⠚⡄⠀⢈⣧⠹⠈⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⡯⣴⣾⣿⣿⣧⠏⣧⠤⡟⠦⢈⡻⣾⢇⢷⠈⠀⡠⠥⠸⠀⠀⠘⣧⣰⡟⠁⠈⠻⡷⣦⡀
+    ⠀⢿⡘⠒⠻⡍⢉⡏⠀⠀⠀⡰⠚⡄⠀⢈⣧⠹⠈⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⡯⣴⣾⣿⣿⣧⠏⣧⠤⡟⠦⢈⡻⣾⢇⢷⠈⠀⡠⠥⠸⠀⠀⠘⣧⣰⡟⠁⠈⠻⡷⣦⡀
-⠀⠘⢷⡄⠠⠃⢿⡁⢠⣦⣄⣷⣀⠇⠀⣌⣇⡀⠀⠙⣉⡷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠳⠯⠿⠟⠃⠀⠙⠚⠳⢾⡎⠀⣹⢬⣟⣀⢰⢁⣤⠇⠀⠀⠀⣼⠿⠃⠊⠉⠁⣫⡴⠟
+    ⠀⠘⢷⡄⠠⠃⢿⡁⢠⣦⣄⣷⣀⠇⠀⣌⣇⡀⠀⠙⣉⡷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠳⠯⠿⠟⠃⠀⠙⠚⠳⢾⡎⠀⣹⢬⣟⣀⢰⢁⣤⠇⠀⠀⠀⣼⠿⠃⠊⠉⠁⣫⡴⠟
-⠀⠀⠈⢿⣄⠀⡼⠳⡸⣼⡘⠛⠟⢊⣕⣛⡣⠈⢳⡞⠃⠀⠀⠀⠀⠀⠀⢀⣀⠀⠀⠀⠀⠀⠀⠀⣤⠶⣤⠀⣀⣀⣘⣻⣦⢯⣷⣮⣣⠑⠿⠯⣒⣢⢀⡜⠉⢣⣠⡶⠶⠛⠉⠀⠀
+    ⠀⠀⠈⢿⣄⠀⡼⠳⡸⣼⡘⠛⠟⢊⣕⣛⡣⠈⢳⡞⠃⠀⠀⠀⠀⠀⠀⢀⣀⠀⠀⠀⠀⠀⠀⠀⣤⠶⣤⠀⣀⣀⣘⣻⣦⢯⣷⣮⣣⠑⠿⠯⣒⣢⢀⡜⠉⢣⣠⡶⠶⠛⠉⠀⠀
-⠀⠀⠀⢸⣏⠖⠁⠀⠙⢿⣿⣯⣿⡿⠿⠟⢛⣤⠞⠁⠀⠀⠀⠀⠀⠀⣼⣿⣿⣷⡄⠀⠀⠀⠀⠀⢹⣦⠘⠛⠭⣋⠝⣿⠈⢷⡈⣿⣿⣷⣶⡶⡵⠕⠋⠀⢀⣘⣼⠁⠀⠀⠀⠀⠀
+    ⠀⠀⠀⢸⣏⠖⠁⠀⠙⢿⣿⣯⣿⡿⠿⠟⢛⣤⠞⠁⠀⠀⠀⠀⠀⠀⣼⣿⣿⣷⡄⠀⠀⠀⠀⠀⢹⣦⠘⠛⠭⣋⠝⣿⠈⢷⡈⣿⣿⣷⣶⡶⡵⠕⠋⠀⢀⣘⣼⠁⠀⠀⠀⠀⠀
-⠀⠀⠀⠀⠉⠹⢦⡀⠀⠀⠻⠿⠯⡦⣄⣰⡟⠁⠀⣠⢤⡄⠀⠀⠀⢀⣿⠿⠛⠋⢿⣿⣶⣤⡀⠀⠀⣧⣠⠖⠂⠘⣰⡟⠀⠈⢷⡱⣿⣿⣟⠜⠀⠀⣠⠶⠋⠁⠀⠀⠀⠀⠀⠀⠀
+    ⠀⠀⠀⠀⠉⠹⢦⡀⠀⠀⠻⠿⠯⡦⣄⣰⡟⠁⠀⣠⢤⡄⠀⠀⠀⢀⣿⠿⠛⠋⢿⣿⣶⣤⡀⠀⠀⣧⣠⠖⠂⠘⣰⡟⠀⠈⢷⡱⣿⣿⣟⠜⠀⠀⣠⠶⠋⠁⠀⠀⠀⠀⠀⠀⠀
-⢀⡤⠴⠟⠉⠻⣤⣝⢶⣄⠀⠀⠀⠀⠈⢻⡄⠀⠐⣷⠈⢷⡀⠀⢠⣾⠵⠀⠀⠔⢆⠈⠉⢿⣿⡆⣿⡏⠈⢀⣴⠾⠋⠀⠀⠀⣼⠃⠙⠆⠀⠀⣠⠞⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+    ⢀⡤⠴⠟⠉⠻⣤⣝⢶⣄⠀⠀⠀⠀⠈⢻⡄⠀⠐⣷⠈⢷⡀⠀⢠⣾⠵⠀⠀⠔⢆⠈⠉⢿⣿⡆⣿⡏⠈⢀⣴⠾⠋⠀⠀⠀⣼⠃⠙⠆⠀⠀⣠⠞⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
-⢸⠁⠀⠀⠀⠀⢠⣟⢠⡽⠁⠀⠀⠀⢀⡠⣿⣦⣾⠏⣀⡀⢷⣦⣿⠱⡇⠀⢠⠒⡜⠀⠀⠀⢿⣿⡟⠛⢤⡞⣧⠀⠀⠀⠀⠀⡟⠀⠀⠀⠀⠰⠻⣦⣀⣀⣤⡀⠀⠀⠀⠀⠀⠀⠀
+    ⢸⠁⠀⠀⠀⠀⢠⣟⢠⡽⠁⠀⠀⠀⢀⡠⣿⣦⣾⠏⣀⡀⢷⣦⣿⠱⡇⠀⢠⠒⡜⠀⠀⠀⢿⣿⡟⠛⢤⡞⣧⠀⠀⠀⠀⠀⡟⠀⠀⠀⠀⠰⠻⣦⣀⣀⣤⡀⠀⠀⠀⠀⠀⠀⠀
-⠸⠀⠀⠀⠀⠀⡞⠉⢫⠓⠂⠤⠐⠚⠉⠀⢹⡿⣺⡈⠁⣰⠀⡿⣻⣻⣇⡀⡇⣠⡅⠀⠀⠀⢸⠏⠀⠀⣠⡿⠋⠀⠀⠀⠀⢰⣯⠤⣀⡀⠀⢀⡰⠃⠙⢝⢝⡇⠀⠀⠀⠀⠀⠀⠀
+    ⠸⠀⠀⠀⠀⠀⡞⠉⢫⠓⠂⠤⠐⠚⠉⠀⢹⡿⣺⡈⠁⣰⠀⡿⣻⣻⣇⡀⡇⣠⡅⠀⠀⠀⢸⠏⠀⠀⣠⡿⠋⠀⠀⠀⠀⢰⣯⠤⣀⡀⠀⢀⡰⠃⠙⢝⢝⡇⠀⠀⠀⠀⠀⠀⠀
-⠰⣇⠀⠀⠀⢠⣵⣧⣸⡀⠀⠀⠀⠀⠀⠀⣿⣯⡤⠶⠚⢿⣱⢛⢾⣶⣿⣊⠺⠿⢵⣶⡾⣠⠋⠀⣠⣾⠋⠀⠀⠀⠀⠀⠀⠈⢻⡄⠀⠈⠉⠁⠀⠀⠀⠈⣼⠁⠀⠀⠀⠀⠀⠀⠀
+    ⠰⣇⠀⠀⠀⢠⣵⣧⣸⡀⠀⠀⠀⠀⠀⠀⣿⣯⡤⠶⠚⢿⣱⢛⢾⣶⣿⣊⠺⠿⢵⣶⡾⣠⠋⠀⣠⣾⠋⠀⠀⠀⠀⠀⠀⠈⢻⡄⠀⠈⠉⠁⠀⠀⠀⠈⣼⠁⠀⠀⠀⠀⠀⠀⠀
-⠀⠙⣦⡀⠀⣸⢻⡛⡝⠀⠀⠀⠀⠀⢀⣼⠏⠀⠀⠀⠀⠈⠛⠋⠙⢻⣿⣿⣿⣿⣿⡯⠏⠚⠀⠈⠉⠙⣷⣀⣤⡀⠀⠀⠀⠀⠈⢻⣄⡀⠀⠀⠀⢰⡰⣾⠃⠀⠀⠀⠀⠀⠀⠀⠀
+    ⠀⠙⣦⡀⠀⣸⢻⡛⡝⠀⠀⠀⠀⠀⢀⣼⠏⠀⠀⠀⠀⠈⠛⠋⠙⢻⣿⣿⣿⣿⣿⡯⠏⠚⠀⠈⠉⠙⣷⣀⣤⡀⠀⠀⠀⠀⠈⢻⣄⡀⠀⠀⠀⢰⡰⣾⠃⠀⠀⠀⠀⠀⠀⠀⠀
-⠀⠀⠈⠉⠉⠁⠈⣧⣤⠴⢶⡤⠔⣲⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⢿⣿⡿⠟⢿⡅⠀⠀⠀⠀⣠⠇⠹⣋⢿⠀⠀⠀⠀⠀⠀⠹⣏⠑⣶⣶⡏⢰⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀
+    ⠀⠀⠈⠉⠉⠁⠈⣧⣤⠴⢶⡤⠔⣲⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⢿⣿⡿⠟⢿⡅⠀⠀⠀⠀⣠⠇⠹⣋⢿⠀⠀⠀⠀⠀⠀⠹⣏⠑⣶⣶⡏⢰⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀
-⠀⠀⠀⠀⠀⠀⠀⠈⣡⡶⠛⠁⢴⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣷⠤⠤⠤⠖⠁⠀⠀⢀⣮⠄⠀⠀⠀⠀⠀⣰⠟⠀⢹⠟⠀⠚⣧⠀⠀⠀⠀⠀⠀⠀⠀⠀
+    ⠀⠀⠀⠀⠀⠀⠀⠈⣡⡶⠛⠁⢴⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣷⠤⠤⠤⠖⠁⠀⠀⢀⣮⠄⠀⠀⠀⠀⠀⣰⠟⠀⢹⠟⠀⠚⣧⠀⠀⠀⠀⠀⠀⠀⠀⠀
-⠀⠀⠀⠀⠀⠀⠀⣴⠋⠀⠀⠀⢸⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢻⡄⠀⠀⠀⠀⠀⢨⠞⢿⡀⠀⠀⠀⣀⣴⠋⠀⠀⡞⠀⠀⠀⠙⣧⡀⠀⠀⠀⠀⠀⠀⠀
+    ⠀⠀⠀⠀⠀⠀⠀⣴⠋⠀⠀⠀⢸⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢻⡄⠀⠀⠀⠀⠀⢨⠞⢿⡀⠀⠀⠀⣀⣴⠋⠀⠀⡞⠀⠀⠀⠙⣧⡀⠀⠀⠀⠀⠀⠀⠀
-⠀⠀⠀⠀⠀⠀⢰⡏⠀⢀⣀⣀⢸⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣤⡴⠋⢈⡦⣤⣀⣠⡤⠚⠇⠈⡇⠀⢸⣏⣉⣀⡀⠀⠀⡇⠀⠀⠀⠀⠈⠛⢶⡀⠀⠀⠀⠀⠀
+    ⠀⠀⠀⠀⠀⠀⢰⡏⠀⢀⣀⣀⢸⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣤⡴⠋⢈⡦⣤⣀⣠⡤⠚⠇⠈⡇⠀⢸⣏⣉⣀⡀⠀⠀⡇⠀⠀⠀⠀⠈⠛⢶⡀⠀⠀⠀⠀⠀
-⠀⠀⠀⠀⠀⠀⢸⣆⢀⣀⣀⣀⣤⣹⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⣶⠒⠒⠛⠋⠉⠀⠀⢚⣿⠀⠀⠀⣿⠀⠉⠁⠹⢧⣤⣤⡙⠚⠓⠻⠶⠞⠻⣄⣴⣶⣤⣶⠞⠛⠁⠀⠀⠀⠀⠀
+    ⠀⠀⠀⠀⠀⠀⢸⣆⢀⣀⣀⣀⣤⣹⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⣶⠒⠒⠛⠋⠉⠀⠀⢚⣿⠀⠀⠀⣿⠀⠉⠁⠹⢧⣤⣤⡙⠚⠓⠻⠶⠞⠻⣄⣴⣶⣤⣶⠞⠛⠁⠀⠀⠀⠀⠀
-⠀⠀⠀⠀⠀⠀⠀⠉⠉⠙⠛⠚⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣷⣦⣤⣀⠀⠀⣠⡾⠃⠀⠀⠀⢹⡆⠀⠀⣀⣠⣴⡾⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+    ⠀⠀⠀⠀⠀⠀⠀⠉⠉⠙⠛⠚⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣷⣦⣤⣀⠀⠀⣠⡾⠃⠀⠀⠀⢹⡆⠀⠀⣀⣠⣴⡾⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
-⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠓⠒⠛⠁⠀⠀⠀⠀⠀⠀⠙⠒⠚⠋⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+    ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠓⠒⠛⠁⠀⠀⠀⠀⠀⠀⠙⠒⠚⠋⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 
-=============== Bienvenue dans la filouterie ====================  
+    =============== Bienvenue dans la filouterie ====================  
 
   '';
 
@@ -116,11 +116,31 @@
 
   # Open ports in the firewall.
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 
+  networking.firewall.allowedTCPPorts = [
     22 # SSH
   ];
   # networking.firewall.allowedUDPPorts = [ ... ];
 
+  services.unbound = {
+    enable = true;
+    settings = {
+      server = {
+        interface = [
+          "127.0.0.1"
+          "172.17.0.1"
+        ]; # 172.17.0.1 is docker container network mask
+        verbosity = 1;
+        access-control = [
+          "127.0.0.0/8 allow"
+          "172.17.0.1/16 allow"
+          "192.168.0.0/16 allow"
+        ];
+      };
+    };
+    resolveLocalQueries = true;
+  };
+  services.resolved.enable = false;
+
   # Garbage collection to remove old NixOs iterations
   nix.gc = {
     automatic = true;