2026-03-23 21:18:27 +01:00
6 changed files with 6 additions and 51 deletions
--- a/flake.lock
+++ b/flake.lock
@ -16,22 +16,6 @@
        "type": "github"
      }
    },
    "blocklist": {
      "flake": false,
      "locked": {
        "lastModified": 1772371087,
        "narHash": "sha256-4exSkO2QcRy+yhQf2tV6jgO3noNNPvSeIad1YLxpazI=",
        "owner": "StevenBlack",
        "repo": "hosts",
        "rev": "484d3c71b9433e08fa887297e25a3b53c0c6fd57",
        "type": "github"
      },
      "original": {
        "owner": "StevenBlack",
        "repo": "hosts",
        "type": "github"
      }
    },
    "comin": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -309,7 +293,6 @@
    "root": {
      "inputs": {
        "betterfox": "betterfox",
        "blocklist": "blocklist",
        "comin": "comin",
        "disko": "disko",
        "dns": "dns",
--- a/flake.nix
+++ b/flake.nix
@ -75,11 +75,6 @@
      url = "github:iBigQ/radicale-birthday-calendar";
      flake = false;
    };
    blocklist = {
      url = "github:StevenBlack/hosts";
      flake = false;
    };
  };
  outputs =
--- a/hosts/srv-core/default.nix
+++ b/hosts/srv-core/default.nix
@ -21,10 +21,7 @@
      };
      services = {
-        recursive-nameserver = {
+        recursive-nameserver.enable = true;
          enable = true;
          blockAds = true;
        };
        private-nameserver.enable = true;
        syncthing = {
--- a/hosts/vps-ns/default.nix
+++ b/hosts/vps-ns/default.nix
@ -21,10 +21,7 @@
    };
    services = {
-      recursive-nameserver = {
+      recursive-nameserver.enable = true;
        enable = true;
        blockAds = true;
      };
      private-nameserver.enable = true;
      public-nameserver = {
        enable = true;
--- a/modules/nixos/networking/underlay.nix
+++ b/modules/nixos/networking/underlay.nix
@ -51,7 +51,6 @@ in
          matchConfig.Name = cfg.interface;
          linkConfig.RequiredForOnline = "routable";
          networkConfig.DHCP = lib.mkIf cfg.useDhcp "yes";
          dhcpV4Config.UseDNS = lib.mkIf cfg.useDhcp false;
          address = lib.optional (cfg.cidr != null) cfg.cidr;
          routes = lib.optional (cfg.gateway != null) {
            Gateway = cfg.gateway;
--- a/modules/nixos/services/nameservers/recursive.nix
+++ b/modules/nixos/services/nameservers/recursive.nix
@ -1,7 +1,5 @@
 {
  config,
  inputs,
  pkgs,
  lib,
  allHosts,
  ...
@ -10,16 +8,6 @@ let
  cfg = config.custom.services.recursive-nameserver;
  netCfg = config.custom.networking;
  blocklist =
    pkgs.runCommand "blocklist.conf" { } ''
      echo "server:" > $out
      cat ${inputs.blocklist}/hosts \
        | grep '^0.0.0.0 ' \
        | awk '$2 != "0.0.0.0" {print "  local-zone: \"" $2 "\" refuse"}' \
        >> $out
    ''
    |> toString;
  privateNameservers =
    allHosts
    |> lib.attrValues
@ -32,7 +20,6 @@ in
      type = lib.types.port;
      default = 53;
    };
    blockAds = lib.mkEnableOption "";
  };
  config = lib.mkIf cfg.enable (
@ -41,13 +28,10 @@ in
        services = {
          unbound = {
            enable = true;
-            settings = {
+            settings.server = {
-              server = {
+              interface = [ "${netCfg.overlay.address}@${toString cfg.port}" ];
-                interface = [ "${netCfg.overlay.address}@${toString cfg.port}" ];
+              access-control = [ "${toString netCfg.overlay.networkCidr} allow" ];
-                access-control = [ "${toString netCfg.overlay.networkCidr} allow" ];
+              prefetch = true;
                prefetch = true;
              };
              include-toplevel = lib.mkIf cfg.blockAds blocklist;
            };
          };