configure systemd-resolved with DoTHEADmaster

Disable networkmanager from writing `/etc/resolv.conf` and use
configured DNS servers with DNS over TLS.

Prune down list of nameservers as Level3 and OpenDNS do not currently
support DoT.

Signed-off-by: Kenny Ballou <kb@devnulllabs.io>

1 files changed, 14 insertions, 1 deletions

diff --git a/system/networking.nix b/system/networking.nix
index 0d7afbe..cb37897 100644
--- a/system/networking.nix
+++ b/system/networking.nix
@@ -1,4 +1,17 @@
 { config, ... }:
 {
-  networking.networkmanager.enable = true;
+  networking = {
+    nameservers = [
+      "1.1.1.1#one.one.one.one"
+      "1.0.0.1#one.one.one.one"
+      "9.9.9.9#dns.quad9.net"
+      "8.8.8.8#dns.google"
+      "8.8.4.4#dns.google"
+      "2606:4700:4700::1111#one.one.one.one"
+      "2606:4700:4700::1001#one.one.one.one"
+      "2620:fe::fe#quad9.net"
+      "2620:fe::9#quad9.net"
+    ];
+    networkmanager.enable = true;
+  };
 }