From e367cfdd2217a41a78a8dc7522de8a12fbb127f9 Mon Sep 17 00:00:00 2001
From: RGBCube <git@rgbcu.be>
Date: Sat, 20 Apr 2024 13:54:25 +0300
Subject: [PATCH] Use NextDNS and always use DNSSEC and DoT

---
 modules/resolved.nix | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/modules/resolved.nix b/modules/resolved.nix
index 4872c66..e647c1a 100644
--- a/modules/resolved.nix
+++ b/modules/resolved.nix
@@ -1,14 +1,28 @@
-{ self, lib, ... }: with lib;
+{ lib, ... }: with lib;
 
 systemConfiguration {
   services.resolved = enabled {
-    domains = [ self.cube.networking.domain ];
+    dnssec     = "true";
+    dnsovertls = "true";
+
+    extraConfig = ''
+      DNS=45.90.28.0#7f2bf8.dns.nextdns.io
+      DNS=2a07:a8c0::#7f2bf8.dns.nextdns.io
+      DNS=45.90.30.0#7f2bf8.dns.nextdns.io
+      DNS=2a07:a8c1::#7f2bf8.dns.nextdns.io
+    '';
 
-    dnsovertls  = "opportunistic";
     fallbackDns = [
       "1.1.1.1#one.one.one.one"
       "2606:4700:4700::1111#one.one.one.one"
+
+      "1.0.0.1#one.one.one.one"
+      "2606:4700:4700::1001#one.one.one.one"
+
       "8.8.8.8#dns.google"
+      "2001:4860:4860::8888#dns.google"
+
+      "8.8.4.4#dns.google"
       "2001:4860:4860::8844#dns.google"
     ];
   };