feat: massive refactoring...

2025-11-09 00:45:00 +01:00
parent f9446df46d
commit 3245b6b89f
77 changed files with 3233 additions and 582 deletions
--- a/config/dns-unbound.nix
+++ b/config/dns-unbound.nix
@@ -0,0 +1,63 @@
+{
+  config,
+  tools,
+  ...
+}:
+let
+  mask_cidr = tools.mask_cidr; # build_ip_cidr 0 config.globals.cidr;
+in
+{
+  environment.etc."alloy/logs-adguardhome.alloy".text =
+    (import ./alloy/default-journal-logger.alloy.nix {
+      inherit tools;
+      container = "dns";
+      service = "unbound";
+      additional_stages = ''
+        stage.pattern {
+          pattern = "[<_>] <level>: <message>"
+        }
+
+        stage.labels {
+          values = {
+            level = "level",
+          }
+        }
+
+        stage.output {
+          source = "message"
+        }
+      '';
+    }).out;
+  services.unbound = {
+    enable = true;
+    settings = {
+      remote-control = {
+        control-enable = true;
+        control-interface = "/run/unbound/unbound.ctl";
+      };
+      server = {
+        auto-trust-anchor-file = "/var/lib/unbound/root.key";
+        interface = "0.0.0.0";
+        port = "5335";
+        hide-identity = true;
+        hide-version = true;
+        harden-referral-path = true;
+        cache-min-ttl = 300;
+        cache-max-ttl = 14400;
+        serve-expired = true;
+        serve-expired-ttl = 3600;
+        prefetch = true;
+        prefetch-key = true;
+        private-address = [
+          mask_cidr
+        ];
+        do-ip6 = false;
+        so-sndbuf = 0;
+        access-control = [
+          "${mask_cidr} allow"
+          "127.0.0.1/32 allow"
+        ];
+      };
+    };
+  };
+}