4 files changed, 26 insertions, 2 deletions

diff --git a/modules/boot/default.nix b/modules/boot/default.nix
index 05fafc6..dc062fe 100644
--- a/modules/boot/default.nix
+++ b/modules/boot/default.nix
@@ -21,6 +21,11 @@
     kernelModules = [ "v4l2loopback" ];
     extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
 
+    kernel.sysctl = {
+      "net.ipv6.conf.eth0.disable_ipv6" = true;
+      "net.ipv6.conf.tun0.disable_ipv6" = true;
+    };
+
     kernelParams = [
       "nvidia-drm.fbdev=1"
       "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
diff --git a/modules/networking.nix b/modules/networking.nix
index ebe99ab..1e3449f 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -10,8 +10,10 @@
     };
 
     nameservers = [
-      "1.1.1.1"
-      "9.9.9.9"
+      "1.1.1.1#one.one.one.one"
+      "1.0.0.1#one.one.one.one"
+      "9.9.9.9#dns.quad9.net"
+      "149.112.112.112#dns.quad9.net"
     ];
 
     firewall = {
@@ -22,6 +24,7 @@
         2222
         80
         443
+        32400
       ];
     };
 
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 116016a..6113696 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -6,6 +6,7 @@
     ./openssh.nix
     ./pia.nix
     ./pipewire.nix
+    ./resolved.nix
     ./xserver.nix
   ];
 
diff --git a/modules/services/resolved.nix b/modules/services/resolved.nix
new file mode 100644
index 0000000..632ca7a
--- /dev/null
+++ b/modules/services/resolved.nix
@@ -0,0 +1,15 @@
+{
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    domains = [ "~." ];
+    dnsovertls = "true";
+
+    fallbackDns = [
+      "1.1.1.1#one.one.one.one"
+      "1.0.0.1#one.one.one.one"
+      "9.9.9.9#dns.quad9.net"
+      "149.112.112.112#dns.quad9.net"
+    ];
+  };
+}