From 986701d1c8c4ac6ba5d978cf1cff220fdddea5e4 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 20 May 2021 15:31:04 +0000
Subject: [PATCH] services: adblock: use new 'settings' option

This shows that I have not upgraded the server in a while...
---
 services/adblock.nix | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/services/adblock.nix b/services/adblock.nix
index 23d63c8..45e4d6e 100644
--- a/services/adblock.nix
+++ b/services/adblock.nix
@@ -45,21 +45,28 @@ in
     services.unbound = {
       enable = true;
 
-      allowedAccess = [
-        "127.0.0.0/24"
-        "${wgCfg.net.v4.subnet}.0/${toString wgCfg.net.v4.mask}"
-        "${wgCfg.net.v6.subnet}::0/${toString wgCfg.net.v6.mask}"
-      ];
+      settings = {
+        server = {
+          access-control = [
+            "127.0.0.0/24 allow"
+            "${wgCfg.net.v4.subnet}.0/${toString wgCfg.net.v4.mask} allow"
+            "${wgCfg.net.v6.subnet}::0/${toString wgCfg.net.v6.mask} allow"
+          ];
 
-      inherit (cfg) forwardAddresses interfaces;
+          interface = cfg.interfaces;
 
-      extraConfig = ''
-        so-reuseport: yes
-        tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-        tls-upstream: yes
+          so-reuseport = true;
+          tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
+          tls-upstream = true;
 
-        include: "${pkgs.ambroisie.unbound-zones-adblock}/hosts"
-      '';
+          include = "${pkgs.ambroisie.unbound-zones-adblock}/hosts";
+        };
+
+        forward-zone = [{
+          name = ".";
+          forward-addr = cfg.forwardAddresses;
+        }];
+      };
     };
   };
 }