From 5a26ebf03cb3a3a2f16b2dc182c65424554870ba Mon Sep 17 00:00:00 2001
From: Kenny Ballou
Date: Fri, 23 Jul 2021 11:36:49 -0600
Subject: configure systemd-resolved with DoT

Disable networkmanager from writing `/etc/resolv.conf` and use configured DNS servers with DNS over TLS. Prune down list of nameservers as Level3 and OpenDNS do not currently support DoT.

Signed-off-by: Kenny Ballou
---
 system/networking.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'system/networking.nix')
diff --git a/system/networking.nix b/system/networking.nix
index 0d7afbe..cb37897 100644
--- a/system/networking.nix
+++ b/system/networking.nix
@@ -1,4 +1,17 @@
 { config, ... }:
 {
- networking.networkmanager.enable = true;
+ networking = {
+ nameservers = [
+ "1.1.1.1#one.one.one.one"
+ "1.0.0.1#one.one.one.one"
+ "9.9.9.9#dns.quad9.net"
+ "8.8.8.8#dns.google"
+ "8.8.4.4#dns.google"
+ "2606:4700:4700::1111#one.one.one.one"
+ "2606:4700:4700::1001#one.one.one.one"
+ "2620:fe::fe#quad9.net"
+ "2620:fe::9#quad9.net"
+ ];
+ networkmanager.enable = true;
+ };
 }
--
cgit v1.2.1
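Review bot: Nothing in this hunk actually turns DNS over TLS on: the new `networking` set only adds `nameservers` and keeps `networkmanager.enable = true`, while the commit message promises systemd-resolved with DoT and no NetworkManager writes to `/etc/resolv.conf`. Unless these are set in a file outside this path-limited view, the `address#hostname` entries need `services.resolved.enable = true;` with `services.resolved.dnsovertls = "true";` (strict, rather than `"opportunistic"`, which can fall back to cleartext) and `networking.networkmanager.dns = "systemd-resolved";`. The name after `#` is what resolved checks the server certificate against, so the two IPv6 Quad9 entries should probably read `dns.quad9.net` like the IPv4 one instead of `quad9.net`; confirm that whichever name is kept validates in strict mode. A one-line comment above the list explaining the `#` suffix would also help the next reader.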