nixos-module/container/dnscache: set tls-cert-bundle
This commit is contained in:
parent
b73e12e32b
commit
52cac17f16
|
@ -1,4 +1,4 @@
|
||||||
{ hostName, config, lib, ... }:
|
{ hostName, config, lib, pkgs, ... }:
|
||||||
|
|
||||||
lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
|
lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
|
||||||
services.unbound = {
|
services.unbound = {
|
||||||
|
@ -34,6 +34,7 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
|
||||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||||
|
|
||||||
server:
|
server:
|
||||||
|
tls-cert-bundle: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
|
||||||
# allow reverse lookup of rfc1918 space, which includes the DN42 address space
|
# allow reverse lookup of rfc1918 space, which includes the DN42 address space
|
||||||
unblock-lan-zones: yes
|
unblock-lan-zones: yes
|
||||||
insecure-lan-zones: yes
|
insecure-lan-zones: yes
|
||||||
|
|
Loading…
Reference in New Issue