2023-04-14

author: Azat Bahawi <azat@bahawi.net> 2023-04-14 02:51:09 +0300
committer: Azat Bahawi <azat@bahawi.net> 2023-04-14 02:51:09 +0300
commit: 39ed30937ec29217820583e07ff1f447d08b9898 (patch)
tree: 96dc9d1a62e320c89510cd910add2ce8fb819850 /modules/nixos/unbound.nix
parent: 2023-04-12 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index 2291cc7..79d52eb 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -86,13 +86,16 @@ in {
                 "${ipv6.subnet} allow"
               ];
 
-              private-domain = cfg.domain;
+              private-domain = "${cfg.domain}.";
               private-address = with config.nixfiles.modules.wireguard; [
                 ipv4.subnet
                 ipv6.subnet
               ];
 
-              domain-insecure = cfg.domain;
+              cache-min-ttl = 0;
+
+              serve-expired = true;
+              serve-expired-reply-ttl = 0;
 
               prefetch = true;
               prefetch-key = true;
@@ -123,6 +126,8 @@ in {
             };
           };
 
+          enableRootTrustAnchor = true;
+
           localControlSocketPath = "/run/unbound/unbound.socket";
         };
 
@@ -174,5 +179,7 @@ in {
           wantedBy = ["timers.target"];
         };
       };
+
+      boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3;
     };
 }
author	Azat Bahawi <azat@bahawi.net>	2023-04-14 02:51:09 +0300
committer	Azat Bahawi <azat@bahawi.net>	2023-04-14 02:51:09 +0300
commit	39ed30937ec29217820583e07ff1f447d08b9898 (patch)
tree	96dc9d1a62e320c89510cd910add2ce8fb819850 /modules/nixos/unbound.nix
parent	2023-04-12 (diff)