From 19c07fce311910383a5ba1d7ff188355b5f2c477 Mon Sep 17 00:00:00 2001
From: workflow <4farlion@gmail.com>
Date: Tue, 23 Jul 2024 23:27:16 +0100
Subject: [PATCH] feat(dns): enable and configure resolved
---
 system/networking.nix | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/system/networking.nix b/system/networking.nix
index e2dc034..7636738 100644
--- a/system/networking.nix
+++ b/system/networking.nix
@@ -4,9 +4,6 @@ logReversePathDrops = true; }; - networking.extraHosts = '' - ''; - # Tailscale services.tailscale.enable = true; services.tailscale.useRoutingFeatures = "client";
@@ -26,14 +23,18 @@ networking.networkmanager = { enable = true; - plugins = [pkgs.networkmanager-l2tp]; - dns = "none"; # Make sure networkmanager doesn't override our DNS settings + dns = "systemd-resolved"; # Make sure networkmanager doesn't override our DNS settings }; + # DNS Config networking.nameservers = [ "127.0.0.1" - "1.1.1.1" ]; + services.resolved = { + enable = true; + dnsovertls = true; + fallbackDns = []; # Ensure we always go through dnscrypt-proxy + }; # Prevent IPv6 leaks when using VPNs networking.enableIPv6 = false;
@@ -68,6 +69,9 @@ # server_names = [ ... ]; }; }; + systemd.services.dnscrypt-proxy2.serviceConfig = { + StateDirectory = "dnscrypt-proxy"; + }; # MacGyver systemd.services.macgyver = {
@@ -84,10 +88,6 @@ }; }; - systemd.services.dnscrypt-proxy2.serviceConfig = { - StateDirectory = "dnscrypt-proxy"; - }; - programs.wireshark.enable = true; users.users.farlion.extraGroups = ["wireshark"]; }
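Review bot: In the second hunk (`@@ -26,14 +23,18 @@`), `fallbackDns = []` on its own does not guarantee that every query goes through dnscrypt-proxy: with `dns = "systemd-resolved"` NetworkManager hands DHCP- and VPN-supplied per-link DNS servers to resolved, which can still send lookups to them directly. Adding `domains = ["~."];` to `services.resolved` makes resolved prefer the global 127.0.0.1 server over link servers that carry no routing domain, and the comment kept on the `dns` line no longer describes the setting, so it should become something like `# NetworkManager pushes per-link DNS into resolved`. Separately, `dnsovertls = true;` looks wrong in two ways: as far as I know the NixOS option takes the strings "true", "opportunistic" or "false" rather than a boolean, and strict DNS-over-TLS makes resolved require a TLS listener on 127.0.0.1:853, which the dnscrypt-proxy settings visible in this patch do not show. The loopback hop gains nothing from TLS, so `dnsovertls = "false";` (or dropping the line) is probably what is wanted, leaving upstream encryption to dnscrypt-proxy.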