nixos-config/machines/name.nix

{ lib, ... }:

{
  imports = [
    ../secrets/homelab.nix
    ../secrets/machines/name.nix
    ../services/blocky.nix
    ../services/unbound.nix
    ../system/lxc.nix
  ];

  system = {
    nssModules = lib.mkForce [ ];
    stateVersion = "23.05";
  };

  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };

  # Disable all system DNS services
  services.nscd.enable = false;
  services.resolved.enable = false;

  services.unbound.settings.server.port = 5353;
  services.blocky.settings = {
    bootstrapDns.upstream = "tcp+udp:127.0.0.1:5353";
    upstream.default = [ "tcp+udp:127.0.0.1:5353" ];
  };
}