bgpwtf: fix edge01 DNS blackholing

The grapevine says that people were being fined for not supporting a
punycode domain. This was broken in rsh-unbound, so I had to fix it. I
then also realized we never were reloading unbound, so some changes
might've been slow to propagate.

Change-Id: Ie461a2ba27b5f447654a70f56bd73d3732b256ee
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1180
Reviewed-by: q3k <q3k@hackerspace.pl>

bgpwtf/machines/edge01.waw.bgp.wtf.nix

@@ -51,8 +51,14 @@ in rec {
       # Rejestr Stron Hazardowych.
       # Populated by the rsh-unbound daemon.
       include: "/var/lib/unbound/rsh.conf"
+
+      remote-control:
+         control-enable: yes
+         control-interface: /var/run/unbound.ctl
     '';
   };
+  # Fix `systemctl reload unbound`.
+  systemd.services.unbound.reload = "${pkgs.unbound}/bin/unbound-control -c /var/lib/unbound/unbound.conf reload";
   hscloud.rsh = {
     enable = true;
     out = "/var/lib/unbound/rsh.conf";

bgpwtf/machines/modules/rsh-unbound.nix

@@ -36,11 +36,11 @@ let
     src = pkgs.fetchFromGitHub {
       owner = "q3k";
       repo = "rsh-unbound";
-      rev = "3d98c754adadddfae59387d033aef531f47dee5d";
-      sha256 = "1ia33893m1dknw36vss97limlb1d28z5nkrkw6b4mp1igdgqsfcz";
+      rev = "31f8975d30a301fdf6f1d445826ebcd671ae07a3";
+      sha256 = "sha256-twI9VzPLBgztdccDgB29lJG7ekwpjr1eh27nR5F/TMA=";
     };
 
-    vendorSha256 = "1w94g2dwhf47jmds95frb26ypjmis5zhyy85rmd124v0nz3axzhf";
+    vendorSha256 = "sha256-A8yHaqSWHhvNmGrk6C6XOVYfVaFbiPmKqglg6gImwWM=";
   };
 
   cfg = config.hscloud.rsh;