From 39ed30937ec29217820583e07ff1f447d08b9898 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Fri, 14 Apr 2023 02:51:09 +0300 Subject: 2023-04-14 --- modules/nixos/unbound.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'modules/nixos/unbound.nix') diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index 2291cc7..79d52eb 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -86,13 +86,16 @@ in { "${ipv6.subnet} allow" ]; - private-domain = cfg.domain; + private-domain = "${cfg.domain}."; private-address = with config.nixfiles.modules.wireguard; [ ipv4.subnet ipv6.subnet ]; - domain-insecure = cfg.domain; + cache-min-ttl = 0; + + serve-expired = true; + serve-expired-reply-ttl = 0; prefetch = true; prefetch-key = true; @@ -123,6 +126,8 @@ in { }; }; + enableRootTrustAnchor = true; + localControlSocketPath = "/run/unbound/unbound.socket"; }; @@ -174,5 +179,7 @@ in { wantedBy = ["timers.target"]; }; }; + + boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3; }; } -- cgit 1.4.1