forked from hswaw/hscloud
bgpwtf: fix edge01 DNS blackholing
The grapevine says that people were being fined for not supporting a punycode domain. This was broken in rsh-unbound, so I had to fix it. I then also realized we never were reloading unbound, so some changes might've been slow to propagate. Change-Id: Ie461a2ba27b5f447654a70f56bd73d3732b256ee Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1180 Reviewed-by: q3k <q3k@hackerspace.pl>master
parent
b754fee4e3
commit
767f031898
|
@ -51,8 +51,14 @@ in rec {
|
|||
# Rejestr Stron Hazardowych.
|
||||
# Populated by the rsh-unbound daemon.
|
||||
include: "/var/lib/unbound/rsh.conf"
|
||||
|
||||
remote-control:
|
||||
control-enable: yes
|
||||
control-interface: /var/run/unbound.ctl
|
||||
'';
|
||||
};
|
||||
# Fix `systemctl reload unbound`.
|
||||
systemd.services.unbound.reload = "${pkgs.unbound}/bin/unbound-control -c /var/lib/unbound/unbound.conf reload";
|
||||
hscloud.rsh = {
|
||||
enable = true;
|
||||
out = "/var/lib/unbound/rsh.conf";
|
||||
|
|
|
@ -36,11 +36,11 @@ let
|
|||
src = pkgs.fetchFromGitHub {
|
||||
owner = "q3k";
|
||||
repo = "rsh-unbound";
|
||||
rev = "3d98c754adadddfae59387d033aef531f47dee5d";
|
||||
sha256 = "1ia33893m1dknw36vss97limlb1d28z5nkrkw6b4mp1igdgqsfcz";
|
||||
rev = "31f8975d30a301fdf6f1d445826ebcd671ae07a3";
|
||||
sha256 = "sha256-twI9VzPLBgztdccDgB29lJG7ekwpjr1eh27nR5F/TMA=";
|
||||
};
|
||||
|
||||
vendorSha256 = "1w94g2dwhf47jmds95frb26ypjmis5zhyy85rmd124v0nz3axzhf";
|
||||
vendorSha256 = "sha256-A8yHaqSWHhvNmGrk6C6XOVYfVaFbiPmKqglg6gImwWM=";
|
||||
};
|
||||
|
||||
cfg = config.hscloud.rsh;
|
||||
|
|
Loading…
Reference in New Issue