From 9fb2a7359c28e5cf04c793572fbe6fa50ed99e3c Mon Sep 17 00:00:00 2001
From: DarkGuibrine <darkgui@protonmail.com>
Date: Sun, 10 May 2026 17:24:39 -0300
Subject: [PATCH] unbound add in vps

---
 hosts/darkgui-vps/config/pkgs.nix             |  1 +
 .../config/self-host/self-host.nix            | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/hosts/darkgui-vps/config/pkgs.nix b/hosts/darkgui-vps/config/pkgs.nix
index 353bdc9..dd4a4e7 100644
--- a/hosts/darkgui-vps/config/pkgs.nix
+++ b/hosts/darkgui-vps/config/pkgs.nix
@@ -31,5 +31,6 @@
 
     ## Segurança
     unbound
+    dig
   ];
 }
diff --git a/hosts/darkgui-vps/config/self-host/self-host.nix b/hosts/darkgui-vps/config/self-host/self-host.nix
index 24c3963..bc3d9d8 100644
--- a/hosts/darkgui-vps/config/self-host/self-host.nix
+++ b/hosts/darkgui-vps/config/self-host/self-host.nix
@@ -56,4 +56,39 @@
     ];
   };
 
+  services.unbound = {
+    enable = true;
+    settings = {
+      server = {
+        verbosity = 0;
+        interface = [ "127.0.0.1" ];
+        port = 5335;
+
+        do-ip4 = "yes";
+        do-udp = "yes";
+        do-tcp = "yes";
+        do-ip6 = "no";
+        prefer-ip6 = "no";
+
+        harden-glue = "yes";
+        harden-dnssec-stripped = "yes";
+        use-caps-for-id = "no";
+        edns-buffer-size = 1232;
+        prefetch = "yes";
+        num-threads = 1;
+        so-rcvbuf = "1m";
+
+        private-address = [
+          "192.168.0.0/16"
+          "169.254.0.0/16"
+          "172.16.0.0/12"
+          "10.0.0.0/8"
+          "fd00::/8"
+          "fe80::/10"
+          "100.0.0.0/8"
+        ];
+      };
+    };
+  };
+
 }