resolved: move to core

2 files changed, 18 insertions, 0 deletions

diff --git a/modules/core/networking/default.nix b/modules/core/networking/default.nix
index 608be0b..ebdcd55 100644
--- a/modules/core/networking/default.nix
+++ b/modules/core/networking/default.nix
@@ -2,6 +2,7 @@
 {
   imports = [
     ./firewall
+    ./resolved.nix
     ./tailscale.nix
   ];
 
diff --git a/modules/core/networking/resolved.nix b/modules/core/networking/resolved.nix
new file mode 100644
index 0000000..82effbe
--- /dev/null
+++ b/modules/core/networking/resolved.nix
@@ -0,0 +1,17 @@
+{ secrets, ... }:
+{
+  services.resolved = {
+    enable = false;
+    dnssec = "true";
+    domains = [ "~." ];
+    dnsovertls = "true";
+    llmnr = "false";
+
+    extraConfig = ''
+      DNS=45.90.28.0#${secrets.nextdns_id}.dns.nextdns.io
+      DNS=2a07:a8c0::#${secrets.nextdns_id}.dns.nextdns.io
+      DNS=45.90.30.0#${secrets.nextdns_id}.dns.nextdns.io
+      DNS=2a07:a8c1::#${secrets.nextdns_id}.dns.nextdns.io
+    '';
+  };
+}