migrate to radicle

2026-01-21 21:55:37 -08:00
parent 928a3f56ad
commit cd8bb0fe0f
9 changed files with 462 additions and 36 deletions
@@ -1,14 +1,22 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
  adblockLocalZones = pkgs.stdenv.mkDerivation {
    name = "unbound-zones-adblock";

-    src = (pkgs.fetchFromGitHub {
-      owner = "StevenBlack";
-      repo = "hosts";
-      rev = "3.12.21";
-      sha256 = "Yzr6PY/zqQE+AHH0J6ioHTsgkikM+dz4aelbGpQJa1s=";
-    } + "/hosts");
+    src = (
+      pkgs.fetchFromGitHub {
+        owner = "StevenBlack";
+        repo = "hosts";
+        rev = "3.12.21";
+        sha256 = "Yzr6PY/zqQE+AHH0J6ioHTsgkikM+dz4aelbGpQJa1s=";
+      }
+      + "/hosts"
+    );

    phases = [ "installPhase" ];

@@ -40,9 +48,11 @@ let
    "photos.mossnet.lan"
    "pod.mossnet.lan"
    "mast.mossnet.lan"
+    "rad.mossnet.lan"
  ];

-in {
+in
+{
  services.unbound = {
    enable = true;
    settings = {
@@ -53,9 +63,17 @@ in {
        # private-address = "192.168.1.0/24";
        cache-min-ttl = 0;
        serve-expired = "yes";
-        interface = [ "0.0.0.0" "::" ];
-        access-control =
-          [ "127.0.0.0/8 allow" "192.168.1.0/24 allow" "10.0.69.0/24 allow" "::1 allow" "fd7d:587a:4300:1::/64 allow" ];
+        interface = [
+          "0.0.0.0"
+          "::"
+        ];
+        access-control = [
+          "127.0.0.0/8 allow"
+          "192.168.1.0/24 allow"
+          "10.0.69.0/24 allow"
+          "::1 allow"
+          "fd7d:587a:4300:1::/64 allow"
+        ];
        access-control-view = "10.0.69.0/24 wireguard";
        # so-reuseport = "yes";
        tls-upstream = "yes";
@@ -63,15 +81,17 @@ in {
        local-zone = ''"mossnet.lan." redirect'';
        local-data = ''"mossnet.lan. IN A ${mossnet}"'';
      };
-      forward-zone = [{
-        name = ".";
-        forward-addr = [
-          "45.90.28.0#6939b9.dns.nextdns.io"
-          "1.1.1.1@853#cloudflare-dns.com"
-        ];
-        # non-tls
-        # forward-addr = ["45.90.30.49" "45.90.28.49" "1.1.1.1" "8.8.8.8"] 
-      }];
+      forward-zone = [
+        {
+          name = ".";
+          forward-addr = [
+            "45.90.28.0#6939b9.dns.nextdns.io"
+            "1.1.1.1@853#cloudflare-dns.com"
+          ];
+          # non-tls
+          # forward-addr = ["45.90.30.49" "45.90.28.49" "1.1.1.1" "8.8.8.8"]
+        }
+      ];
      view = {
        name = "wireguard";
        local-zone = ''"mossnet.lan." redirect'';