Forward Alfis domain names to external Alfis resolver

2 files changed, 18 insertions, 2 deletions

diff --git a/nixos/common.nix b/nixos/common.nix
index e898dec..ef1fcff 100644
--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -38,10 +38,24 @@ in
 
   networking.networkmanager.enable = true;
 
-  services.unbound = {
+  services.unbound =
+  let
+    alfisTld = [ "anon." "btn." "conf." "index." "merch." "mirror." "mob." "screen." "srv." "ygg." ];
+  in {
     enable = true;
     resolveLocalQueries = true;
-    settings.server.log-servfail = true;
+    settings = {
+      server = {
+        log-servfail = true;
+        domain-insecure = alfisTld;
+      };
+      forward-zone = map (tld: {
+          name = tld;
+          forward-addr = "324:71e:281a:9ed3::53";
+          forward-tcp-upstream = false;
+          forward-tls-upstream = false;
+        }) alfisTld;
+    };
   };
   services.resolved.enable = false;
 
diff --git a/nixos/lindy.nix b/nixos/lindy.nix
index a2ae352..6907e82 100644
--- a/nixos/lindy.nix
+++ b/nixos/lindy.nix
@@ -105,6 +105,8 @@ Kogami UUID=61534c91-df18-4c71-9244-54e677f5d4fa /root/kogami_key
 
   environment.systemPackages = with pkgs; [ zfs docker-compose ];
 
+  nix.gc.automatic = false;
+
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
   hardware.cpu.intel.updateMicrocode =