diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-08-30 19:20:08 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-09-15 15:37:19 +0200 |
commit | 7980523e007c066495b010897f9cf240453e0ad1 (patch) | |
tree | 92c327a35f654ee1e00a692d95b16513420f702d /nixos/modules/services/networking | |
parent | fa787da36f6302b45809ec5c9b011e6bd2532956 (diff) | |
download | nixlib-7980523e007c066495b010897f9cf240453e0ad1.tar nixlib-7980523e007c066495b010897f9cf240453e0ad1.tar.gz nixlib-7980523e007c066495b010897f9cf240453e0ad1.tar.bz2 nixlib-7980523e007c066495b010897f9cf240453e0ad1.tar.lz nixlib-7980523e007c066495b010897f9cf240453e0ad1.tar.xz nixlib-7980523e007c066495b010897f9cf240453e0ad1.tar.zst nixlib-7980523e007c066495b010897f9cf240453e0ad1.zip |
unbound service: convenient handling of local forward addresses
do-not-query-localhost defaults to yes; with this patch, unbound is configured to query localhost if any of the forward addresses are local.
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/unbound.nix | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index ed0744c44ccf..603c7f8fb101 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -12,9 +12,17 @@ let interfaces = concatMapStrings (x: " interface: ${x}\n") cfg.interfaces; - forward = optionalString (length cfg.forwardAddresses != 0) - "forward-zone:\n name: .\n" + - concatMapStrings (x: " forward-addr: ${x}\n") cfg.forwardAddresses; + isLocalAddress = x: substring 0 9 x == "127.0.0.1"; + + forward = + optionalString (any isLocalAddress cfg.forwardAddresses) '' + do-not-query-localhost: no + '' + + optionalString (cfg.forwardAddresses != []) '' + forward-zone: + name: . + '' + + concatMapStringsSep "\n" (x: " forward-addr: ${x}") cfg.forwardAddresses; rootTrustAnchorFile = "${stateDir}/root.key"; |