From a75c2ae69a3c67267d178ad24e4b8a8b14a1dd54 Mon Sep 17 00:00:00 2001
From: Stefan Ellmauthaler <stefan.ellmauthaler@tu-dresden.de>
Date: Tue, 19 Jul 2022 11:11:49 +0200
Subject: [PATCH] Add unbound service to server

---
 modules/server/default.nix |  2 ++
 modules/server/unbound.nix | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 modules/server/unbound.nix

diff --git a/modules/server/default.nix b/modules/server/default.nix
index 7861e37..a291717 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -12,6 +12,7 @@ with lib; {
     ./nginx.nix
     ./smailserver.nix
     ./sql.nix
+    ./unbound.nix
   ];
 
   config =
@@ -24,6 +25,7 @@ with lib; {
           sql.enable = mkDefault true;
           smailserver.enable = mkDefault false; # TODO fix simple mail server
           nextcloud.enable = mkDefault true;
+          unbound.enable = mkDefault true;
         };
       };
 }
diff --git a/modules/server/unbound.nix b/modules/server/unbound.nix
new file mode 100644
index 0000000..9a6a03b
--- /dev/null
+++ b/modules/server/unbound.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+with lib; {
+  options.elss.server.unbound.enable = mkEnableOption "Set unbound dns up";
+  config =
+    let
+      cfg = config.elss.server.unbound;
+    in
+    mkIf cfg.enable {
+      services = {
+        resolved = {
+          enable = true;
+          dnssec = "true";
+          llmnr = "true";
+          fallbackDns = [ "127.0.0.1" "::1" ];
+          extraConfig = ''
+            DNS = 127.0.0.1 ::1
+            Domains = ~.
+          '';
+        };
+        unbound = {
+          enable = true;
+          settings.server.interface = [ "127.0.0.0" "::1" ];
+        };
+      };
+      networking = {
+        nameservers = [ "127.0.0.1" "::1"];
+        resolvconf.useLocalResolver = true;
+      };
+    };
+}