From 3736e5757ce169ce36568d2a3b696d321ebb6cad Mon Sep 17 00:00:00 2001
From: Alexander Heldt <me@alexanderheldt.se>
Date: Mon, 2 Oct 2023 16:36:33 +0200
Subject: [PATCH] pinwheel: Set DNS servers

---
 hosts/pinwheel/configuration.nix           |  4 ++++
 hosts/pinwheel/modules/openvpn/default.nix | 15 +++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/hosts/pinwheel/configuration.nix b/hosts/pinwheel/configuration.nix
index 0bcb8ba..7e2f6ed 100644
--- a/hosts/pinwheel/configuration.nix
+++ b/hosts/pinwheel/configuration.nix
@@ -61,6 +61,10 @@
 
     wireless.enable = false; # Wireless is managed by networkmanager
     networkmanager.enable = true;
+    nameservers = [
+      "1.1.1.1#one.one.one.one"
+      "1.0.0.1#one.one.one.one"
+    ];
   };
 
   # Open ports in the firewall.
diff --git a/hosts/pinwheel/modules/openvpn/default.nix b/hosts/pinwheel/modules/openvpn/default.nix
index a10f43b..e4b6d79 100644
--- a/hosts/pinwheel/modules/openvpn/default.nix
+++ b/hosts/pinwheel/modules/openvpn/default.nix
@@ -5,7 +5,7 @@ in
 {
   options = {
     mod.openvpn = {
-      enable = lib.mkEnableOption "add openvpn related packages";
+      enable = lib.mkEnableOption "enable openpn module";
     };
   };
 
@@ -17,6 +17,17 @@ in
       ];
     };
 
-    services.resolved.enable = true;
+    services.resolved = {
+      enable = true;
+      dnssec = "true";
+      domains = [ "~." ];
+      fallbackDns = [
+        "1.1.1.1#one.one.one.one"
+        "1.0.0.1#one.one.one.one"
+      ];
+      extraConfig = ''
+        DNSOverTLS=yes
+      '';
+    };
   };
 }