ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

services: adblock: use new 'settings' option

Browse source 
This shows that I have not upgraded the server in a while...
This commit is contained in:
Bruno BELANYI 2021-05-20 15:31:04 +00:00
parent ee33ab11c6
commit 986701d1c8
1 changed files with 19 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
services/adblock.nix
View file

@ -45,21 +45,28 @@ in
services.unbound = {
enable = true;
allowedAccess = [
"127.0.0.0/24"
"${wgCfg.net.v4.subnet}.0/${toString wgCfg.net.v4.mask}"
"${wgCfg.net.v6.subnet}::0/${toString wgCfg.net.v6.mask}"
];
settings = {
server = {
access-control = [
"127.0.0.0/24 allow"
"${wgCfg.net.v4.subnet}.0/${toString wgCfg.net.v4.mask} allow"
"${wgCfg.net.v6.subnet}::0/${toString wgCfg.net.v6.mask} allow"
];
inherit (cfg) forwardAddresses interfaces;
interface = cfg.interfaces;
extraConfig = ''
so-reuseport: yes
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
tls-upstream: yes
so-reuseport = true;
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
tls-upstream = true;
include: "${pkgs.ambroisie.unbound-zones-adblock}/hosts"
'';
include = "${pkgs.ambroisie.unbound-zones-adblock}/hosts";
};
forward-zone = [{
name = ".";
forward-addr = cfg.forwardAddresses;
}];
};
};
};
}