Diffstat (limited to 'modules/system/networking')
-rw-r--r--modules/system/networking/default.nix23
-rw-r--r--modules/system/networking/dhcpcd.nix8
-rw-r--r--modules/system/networking/networkmanager.nix3
-rw-r--r--modules/system/networking/resolved.nix16
4 files changed, 30 insertions, 20 deletions
diff --git a/modules/system/networking/default.nix b/modules/system/networking/default.nix
index 6f25d7b..ddc8d10 100644
--- a/modules/system/networking/default.nix
+++ b/modules/system/networking/default.nix
@@ -1,3 +1,4 @@
+{ secrets, ... }:
{
imports = [
./firewall
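Review bot: The `secrets` argument added at the top of default.nix is used only for string interpolation (`${secrets.nextdns_id}` in the `nameservers` entries of the next hunk and in `extraConfig` in resolved.nix), so the value is evaluated into generated configuration that normally lives in the world-readable Nix store. How `secrets` is supplied is not visible on this page. If the NextDNS profile id is meant to stay private to the machine's administrator, it should be read from a runtime secret file rather than interpolated. Otherwise a short comment such as `# nextdns_id is an identifier, not a credential; it ends up in the store` would make the decision explicit.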
@@ -11,15 +12,22 @@
./tor.nix
];
+ # https://discourse.nixos.org/t/rebuild-error-failed-to-start-network-manager-wait-online/41977/2
+ systemd.network.wait-online.enable = false;
+ boot.initrd.systemd.network.wait-online.enable = false;
+
+ # https://discourse.nixos.org/t/how-to-disable-networkmanager-wait-online-service-in-the-configuration-file/19963/2
+ systemd.services.NetworkManager-wait-online.enable = false;
+
networking = {
hostName = "kansai";
nftables.enable = true;
nameservers = [
- "1.1.1.1#one.one.one.one"
- "1.0.0.1#one.one.one.one"
- "9.9.9.9#dns.quad9.net"
- "149.112.112.112#dns.quad9.net"
+ "45.90.28.0#${secrets.nextdns_id}.dns.nextdns.io"
+ "2a07:a8c0::#${secrets.nextdns_id}.dns.nextdns.io"
+ "45.90.30.0#${secrets.nextdns_id}.dns.nextdns.io"
+ "2a07:a8c1::#${secrets.nextdns_id}.dns.nextdns.io"
];
timeServers = [
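Review bot: The new `nameservers` entries use the `address#hostname` form, which only systemd-resolved interprets, while this same commit sets `services.resolved.enable = false` in resolved.nix and `dns = "none"` in networkmanager.nix. Unless another DNS-over-TLS stub resolver is configured outside this page, these strings are likely handed to a plain resolv.conf consumer, which does not understand the `#…` suffix and cannot do TLS, so lookups would either fail or go out unencrypted and unvalidated. Either keep resolved enabled as the consumer of this list, or list bare addresses of the local resolver that performs the encryption. Separately, the three `wait-online` switches let units ordered after `network-online.target` start before a link is up; a one-line comment naming that trade-off next to the forum links would help.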
@@ -29,11 +37,4 @@
"3.nixos.pool.ntp.org"
];
};
-
- # environment.etc."resolv.conf" = lib.mkForce {
- # source = pkgs.writeText "resolv.conf" ''
- # ${lib.concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)}
- # options edns0
- # '';
- # };
}
diff --git a/modules/system/networking/dhcpcd.nix b/modules/system/networking/dhcpcd.nix
index 99ac0f3..f46b657 100644
--- a/modules/system/networking/dhcpcd.nix
+++ b/modules/system/networking/dhcpcd.nix
@@ -1,6 +1,12 @@
{
networking.dhcpcd = {
wait = "background";
- extraConfig = "noarp";
+
+ extraConfig = ''
+ noarp
+ nooption domain_name_servers, domain_name, domain_search, host_name
+ nooption ntp_servers
+ nohook resolv.conf, wpa_supplicant
+ '';
};
}
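Review bot: The new `extraConfig` lines carry the security intent of this file but have no comment saying so. They make dhcpcd discard the DNS, domain, hostname and NTP values offered by a DHCP server and skip the `resolv.conf` hook, so a network's DHCP server cannot redirect name resolution or time sync. I would add a Nix comment above the string, e.g. `# ignore DHCP-supplied DNS/NTP/hostname; resolvers and time servers are pinned in default.nix`. The option names listed look like the DHCPv4 ones; whether DHCPv6- or RA-supplied resolvers need the same treatment is worth confirming, although `nohook resolv.conf` should keep them out of resolv.conf either way.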
diff --git a/modules/system/networking/networkmanager.nix b/modules/system/networking/networkmanager.nix
index e5fdfc1..8672759 100644
--- a/modules/system/networking/networkmanager.nix
+++ b/modules/system/networking/networkmanager.nix
@@ -5,7 +5,8 @@
networking.networkmanager = {
enable = true;
plugins = [ pkgs.networkmanager-openvpn ];
- dns = "systemd-resolved";
+ # dns =
+ dns = "none"; # "systemd-resolved"
wifi.backend = "iwd";
unmanaged = [
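Review bot: The `# dns =` line above the new setting is a leftover stub, and the trailing `# "systemd-resolved"` only records the old value, which the history already does. I would drop the stub and state the reason instead: `dns = "none"; # NetworkManager must not write resolv.conf; resolvers are pinned in default.nix`. The `networking.networkmanager` block continues past the end of this hunk.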
diff --git a/modules/system/networking/resolved.nix b/modules/system/networking/resolved.nix
index 632ca7a..82effbe 100644
--- a/modules/system/networking/resolved.nix
+++ b/modules/system/networking/resolved.nix
@@ -1,15 +1,17 @@
+{ secrets, ... }:
{
services.resolved = {
- enable = true;
+ enable = false;
dnssec = "true";
domains = [ "~." ];
dnsovertls = "true";
+ llmnr = "false";
- fallbackDns = [
- "1.1.1.1#one.one.one.one"
- "1.0.0.1#one.one.one.one"
- "9.9.9.9#dns.quad9.net"
- "149.112.112.112#dns.quad9.net"
- ];
+ extraConfig = ''
+ DNS=45.90.28.0#${secrets.nextdns_id}.dns.nextdns.io
+ DNS=2a07:a8c0::#${secrets.nextdns_id}.dns.nextdns.io
+ DNS=45.90.30.0#${secrets.nextdns_id}.dns.nextdns.io
+ DNS=2a07:a8c1::#${secrets.nextdns_id}.dns.nextdns.io
+ '';
};
}
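Review bot: Dropping `fallbackDns` leaves the option at its module default, which, depending on the nixpkgs version, means systemd's compiled-in list of public resolvers rather than no fallback. With `enable = false` every option in this block is inert, including the new `llmnr` and `extraConfig` lines, so nothing changes today and DNSSEC and DNS-over-TLS are not enforced by this service. If the service is re-enabled later, the compiled-in fallback would bypass the NextDNS profile whenever no configured server is known; the exposure is narrow, but `fallbackDns = [ ];` next to the `DNS=` lines would close it. A comment on `enable = false` saying why the service is off yet still configured would help the next reader.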