From 093513e3139df6316dfc382603d0d12306ee3d45 Mon Sep 17 00:00:00 2001
From: Timothy DeHerrera <tim.deh@pm.me>
Date: Tue, 21 Jul 2020 14:34:21 -0600
Subject: [PATCH] networkmanager: use resolved and set dns over tls

---
 profiles/core.nix                   |  4 +++-
 profiles/networkmanager/default.nix | 22 +++++++++++++++++++---
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/profiles/core.nix b/profiles/core.nix
index a4f8511a..aef3a48a 100644
--- a/profiles/core.nix
+++ b/profiles/core.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, unstablePkgs, ... }:
 let inherit (lib) fileContents;
 
 in {
@@ -119,6 +119,8 @@ in {
 
   };
 
+  systemd.package = unstablePkgs.systemd;
+
   services.earlyoom.enable = true;
 
   users.mutableUsers = false;
diff --git a/profiles/networkmanager/default.nix b/profiles/networkmanager/default.nix
index 09550071..294add33 100644
--- a/profiles/networkmanager/default.nix
+++ b/profiles/networkmanager/default.nix
@@ -1,7 +1,23 @@
 { ... }: {
-  imports = [ ../misc ];
+  imports = [ ../misc/adblocking.nix ];
+
+  networking.networkmanager = {
+    enable = true;
+    wifi.backend = "iwd";
+  };
+
+  networking.nameservers =
+    [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
 
-  networking.networkmanager.enable = true;
-  networking.networkmanager.wifi.backend = "iwd";
   networking.wireless.iwd.enable = true;
+
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    fallbackDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+    extraConfig = ''
+      DNSOverTLS=yes
+    '';
+  };
+
 }