core/networking: convert DNS resolved config to NixOS options

To help readability. Also added the default config value for DNSSEC
for visibility.
This commit is contained in:
teutat3s 2025-03-28 14:38:11 +01:00
parent cdf9819b93
commit 09efea6e5b
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1

View file

@ -71,14 +71,31 @@
};
};
# These nameservers land in resolved.conf as 'DNS=<list>'
networking.nameservers = [
"193.110.81.0#dns0.eu"
"185.253.5.0#dns0.eu"
"9.9.9.9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
"2a0f:fc80::#dns0.eu"
"2a0f:fc81::#dns0.eu"
"2620:fe::fe#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
];
services.resolved = {
enable = true;
extraConfig = ''
DNS=193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
FallbackDNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net
Domains=~.
DNSOverTLS=yes
'';
dnsovertls = "true";
# default value in nixos module
dnssec = "false";
domains = [
"~."
];
fallbackDns = [
"5.1.66.255#dot.ffmuc.net"
"185.150.99.255#dot.ffmuc.net"
"2001:678:e68:f000::#dot.ffmuc.net"
"2001:678:ed0:f000::#dot.ffmuc.net"
];
};
};
}