From 3827c06fdfd930d42cd40711f8938f654b1984fc Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 2 Jan 2022 16:39:27 +0100
Subject: [PATCH] Add recursive dns server to router
---
 hosts/carbon/configuration.nix | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix
index abdda0c..ed9130b 100644
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@@ -65,6 +65,8 @@
 networking.interfaces."enp1s0.202".ipv4.addresses = [ { address = "192.168.32.1"; prefixLength = 24; } ];
+ # Use Anycast Nameservers
+ networking.nameservers = [ "fd00:152:152::1" "10.152.0.1" ];
 networking.nat = {
 enableIPv6 = true;
@@ -80,7 +82,7 @@
 AdvSendAdvert on;
 prefix 2a01:4f8:1c0c:8221::/64 {};
 route ::/0 {};
- RDNSS 2a01:4f8:251:554::2 {};
+ RDNSS fd00:152:152::1 {};
 DNSSL net.clerie.de {};
 };
 '';
@@ -123,7 +125,7 @@
 };
 };
- networking.firewall.allowedUDPPorts = [ 60001 ];
+ networking.firewall.allowedUDPPorts = [ 53 60001 ];
 networking.firewall.extraCommands = ''
 iptables -A FORWARD -i enp1s0.202 -o ppp-ntvdsl -j ACCEPT
@@ -328,5 +330,16 @@
 pubkey = "sro9DUSMtVr5xV2o3GTgg+0vmLj+bRc8fN+3pIr6+HY=";
 };
+ services.unbound = {
+ enable = true;
+ resolveLocalQueries = false;
+ settings = {
+ server = {
+ interface = [ "fd00:152:152::1" "10.152.0.1" ];
+ access-control = [ "::/0 allow" "0.0.0.0/0 allow" ];
+ };
+ };
+ };
+
 system.stateVersion = "21.03";
 }
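Review bot: `networking.firewall.allowedUDPPorts = [ 53 60001 ];` opens UDP 53 on every interface, including the `ppp-ntvdsl` uplink named in the FORWARD rule just below, and it leaves TCP 53 closed. The host firewall therefore no longer drops DNS packets arriving from the WAN side (whether they can reach the anycast addresses depends on routing outside this diff), while internal clients cannot fall back to TCP for truncated answers. Scoping the port to the client-facing interfaces addresses both, e.g. `networking.firewall.interfaces."enp1s0.202".allowedUDPPorts = [ 53 ];` and `networking.firewall.interfaces."enp1s0.202".allowedTCPPorts = [ 53 ];`, repeated for any other internal or tunnel interface that should reach the resolver. Which interfaces those are is not visible in this hunk.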
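Review bot: `access-control = [ "::/0 allow" "0.0.0.0/0 allow" ];` lets unbound answer recursive queries from any source address, so the only limits left are the two listen addresses and the firewall, which the same commit opens for UDP 53 globally. An open recursive resolver can be abused for reflection/amplification towards spoofed sources and for probing the cache, and nothing in the resolver itself would refuse a query from a tunnel peer or uplink neighbour that can route to `10.152.0.1` or `fd00:152:152::1`. Listing the served prefixes keeps unbound's default refusal for everyone else, e.g. `access-control = [ "192.168.32.0/24 allow" "2a01:4f8:1c0c:8221::/64 allow" ];` using the LAN and RA prefixes shown earlier in this patch, plus whatever other internal ranges use the anycast resolver (not visible here). A short comment above `resolveLocalQueries = false;` saying that the host itself resolves through `networking.nameservers` rather than 127.0.0.1 would also help, since the two settings sit far apart in the file.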