modules/wireguard: use domain-specific DNS

modules/wireguard/ehex.nix

@@ -1,5 +1,6 @@
 {
   lib,
+  pkgs,
   config,
   ...
 }: let
@@ -32,10 +33,8 @@ in {
         ips = cfg.ownIPs;
         privateKeyFile = cfg.privateKeyFile;
         postSetup = ''
-          printf "nameserver 10.0.66.10\nnameserver 10.0.66.12" | resolvconf -a wg-ehex -m 0 -x
+          ${pkgs.systemd}/bin/resolvectl dns wg-ehex 10.0.66.10 10.0.66.12
-        '';
+          ${pkgs.systemd}/bin/resolvectl domain wg-ehex ehex.cloud
-        postShutdown = ''
-          resolvconf -d wg-ehex -f
         '';
         peers = [
           {

modules/wireguard/private.nix

@@ -57,7 +57,8 @@ in {
           + (
             if cfg.useDNS
             then ''
-              printf "nameserver 10.13.12.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg-private -m 0 -x
+              ${pkgs.systemd}/bin/resolvectl dns wg-private 10.13.12.7 fd00:b12f:acab:1312:acab:7::
+              ${pkgs.systemd}/bin/resolvectl domain wg-private ~.
             ''
             else ""
           )
@@ -76,9 +77,6 @@ in {
             ''
             else ""
           );
-        postShutdown = lib.mkIf cfg.useDNS ''
-          resolvconf -d wg-private -f
-        '';
         peers = [
           {
             # frikandel