nixos-module/container/dnscache: set tls-cert-bundle

This commit is contained in:
Astro 2021-04-14 23:25:21 +02:00
parent b73e12e32b
commit 52cac17f16
1 changed files with 2 additions and 1 deletions

View File

@ -1,4 +1,4 @@
{ hostName, config, lib, ... }:
{ hostName, config, lib, pkgs, ... }:
lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
services.unbound = {
@ -34,6 +34,7 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
forward-addr: 1.0.0.1@853#cloudflare-dns.com
server:
tls-cert-bundle: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
# allow reverse lookup of rfc1918 space, which includes the DN42 address space
unblock-lan-zones: yes
insecure-lan-zones: yes