{ config, lib, ... }: with lib; let dns = import (builtins.fetchTarball "https://github.com/kirelagin/dns.nix/archive/master.tar.gz"); my = config.my; in { services.unbound = { enable = true; settings = { server = { access-control = [ "127.0.0.0/8 allow" "::1/128 allow" ] ++ map (v: "${v} allow") my.privateRanges; interface = [ "127.0.0.1" ] ++ my.ipv4Internal; }; }; }; services.nsd = { enable = true; interfaces = my.ipv6.standard ++ my.ipv4; zones = { ${my.subZone} = { data = dns.lib.toString my.subZone (import ./subZone.nix { inherit dns config lib; }); }; }; }; }