nixos-config/services/unbound.nix

{ config, ... }:

{
  services.unbound = {
    enable = true;
    localControlSocketPath = "/run/unbound/unbound.socket";
    settings.server = {
      so-rcvbuf = "1m";
      prefetch = true;
      access-control = "10.0.0.0/8 allow";
      interface = [ "127.0.0.1" ];
      private-address = [
        "192.168.0.0/16"
        "169.254.0.0/16"
        "172.16.0.0/16"
        "10.0.0.0/8"
        "fd00::/8"
        "fe80::/10"
      ];
    };
  };

  services.prometheus.exporters.unbound = {
    inherit (config.services.unbound) group;
    enable = true;
    openFirewall = true;
    port = 9090;
    controlInterface = config.services.unbound.localControlSocketPath;
  };
}
services: unbound: Fix prometheus exporter setup Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2023-04-12 22:44:15 +02:00			`{ config, ... }:`

machines: Add 'name' Runs blocky + unbound for custom DNS. Also adds all the common nix infrastructure needed. Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2023-04-01 22:20:34 +02:00			`{`
			`services.unbound = {`
			`enable = true;`
services: unbound: Fix prometheus exporter setup Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2023-04-12 22:44:15 +02:00			`localControlSocketPath = "/run/unbound/unbound.socket";`
machines: Add 'name' Runs blocky + unbound for custom DNS. Also adds all the common nix infrastructure needed. Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2023-04-01 22:20:34 +02:00			`settings.server = {`
			`so-rcvbuf = "1m";`
			`prefetch = true;`
			`access-control = "10.0.0.0/8 allow";`
			`interface = [ "127.0.0.1" ];`
			`private-address = [`
			`"192.168.0.0/16"`
			`"169.254.0.0/16"`
			`"172.16.0.0/16"`
			`"10.0.0.0/8"`
			`"fd00::/8"`
			`"fe80::/10"`
			`];`
			`};`
			`};`

			`services.prometheus.exporters.unbound = {`
services: unbound: Fix prometheus exporter setup Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2023-04-12 22:44:15 +02:00			`inherit (config.services.unbound) group;`
machines: Add 'name' Runs blocky + unbound for custom DNS. Also adds all the common nix infrastructure needed. Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2023-04-01 22:20:34 +02:00			`enable = true;`
			`openFirewall = true;`
			`port = 9090;`
services: unbound: Fix prometheus exporter setup Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2023-04-12 22:44:15 +02:00			`controlInterface = config.services.unbound.localControlSocketPath;`
machines: Add 'name' Runs blocky + unbound for custom DNS. Also adds all the common nix infrastructure needed. Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2023-04-01 22:20:34 +02:00			`};`
			`}`