networking: enable systemd-resolved (for tailscale)

2 files changed, 29 insertions, 13 deletions

diff --git a/config/networking.nix b/config/networking.nix
index 970e2b1..8322f8c 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   personal.networking = {
     enable = true;
     firewall.http = true;
@@ -17,7 +18,15 @@
       }
     ];
     defaultGateway = "93.95.228.1";
-    nameservers = ["93.95.224.28" "93.95.224.29"];
+    nameservers = [
+      "93.95.224.28"
+      "93.95.224.29"
+    ];
+  };
+
+  services.resolved = {
+    enable = true;
+    dnsovertls = "opportunistic";
   };
 
   services.tailscale = {
diff --git a/tests/configuration.nix b/tests/configuration.nix
index e46c726..22c76c2 100644
--- a/tests/configuration.nix
+++ b/tests/configuration.nix
@@ -2,11 +2,13 @@
   config,
   lib,
   ...
-}: let
-  nginxPorts =
-    lib.concatLists
-    (lib.mapAttrsToList (_: cfg: (builtins.map (x: x.port) cfg.listen))
-      config.services.nginx.virtualHosts);
+}:
+let
+  nginxPorts = lib.concatLists (
+    lib.mapAttrsToList (
+      _: cfg: (builtins.map (x: x.port) cfg.listen)
+    ) config.services.nginx.virtualHosts
+  );
   nginxMakeLocal = port: {
     listen = lib.mkForce [
       {
@@ -17,22 +19,27 @@
     forceSSL = lib.mkForce false;
     enableACME = lib.mkForce false;
   };
-in {
-  imports = [../config];
+in
+{
+  imports = [ ../config ];
 
   boot.isContainer = true;
 
   networking = lib.mkForce {
     domain = "aristote.vm";
 
-    interfaces = {};
+    interfaces = { };
     defaultGateway = null;
-    nameservers = [];
+    nameservers = [ ];
 
-    firewall = {allowedTCPPorts = nginxPorts;};
+    firewall = {
+      allowedTCPPorts = nginxPorts;
+    };
   };
 
-  services.filtron.rules = lib.mkForce [];
+  services.resolved.enable = lib.mkForce false;
+
+  services.filtron.rules = lib.mkForce [ ];
 
   services.rss-bridge.debug = true;