core/networking: convert DNS resolved config to NixOS options

To help readability. Also added the default config value for DNSSEC for visibility.
2025-03-28 14:38:11 +01:00 · 2025-03-28 14:38:11 +01:00 · 09efea6e5b
commit 09efea6e5b
parent cdf9819b93
1 changed files with 23 additions and 6 deletions
--- a/modules/core/networking.nix
+++ b/modules/core/networking.nix
@ -71,14 +71,31 @@
      };
    };

+    # These nameservers land in resolved.conf as 'DNS=<list>'
+    networking.nameservers = [
+      "193.110.81.0#dns0.eu"
+      "185.253.5.0#dns0.eu"
+      "9.9.9.9#dns.quad9.net"
+      "149.112.112.112#dns.quad9.net"
+      "2a0f:fc80::#dns0.eu"
+      "2a0f:fc81::#dns0.eu"
+      "2620:fe::fe#dns.quad9.net"
+      "2620:fe::9#dns.quad9.net"
+    ];
    services.resolved = {
      enable = true;
-      extraConfig = ''
-        DNS=193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
-        FallbackDNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net
-        Domains=~.
-        DNSOverTLS=yes
-      '';
+      dnsovertls = "true";
+      # default value in nixos module
+      dnssec = "false";
+      domains = [
+        "~."
+      ];
+      fallbackDns = [
+        "5.1.66.255#dot.ffmuc.net"
+        "185.150.99.255#dot.ffmuc.net"
+        "2001:678:e68:f000::#dot.ffmuc.net"
+        "2001:678:ed0:f000::#dot.ffmuc.net"
+      ];
    };
  };
 }