From 2009ed5472acb16c0b2e4b71998bce7e32d34856 Mon Sep 17 00:00:00 2001 From: Max Date: Mon, 1 May 2023 18:27:32 +0200 Subject: [PATCH] modules/networking-client: use opportunistic DoT --- modules/networking-client/default.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/networking-client/default.nix b/modules/networking-client/default.nix index 0884ad5..d22cf98 100644 --- a/modules/networking-client/default.nix +++ b/modules/networking-client/default.nix @@ -1,3 +1,4 @@ +{ config, ... }: { networking.useDHCP = false; @@ -13,10 +14,18 @@ }; services.resolved = { enable = true; - fallbackDns = [ "10.1.0.1" ]; + fallbackDns = [ + "95.216.8.12#securedns.privatevoid.net" + "152.67.73.164#securedns.privatevoid.net" + "10.1.0.1" + ]; llmnr = "true"; dnssec = "false"; - extraConfig = "Cache=no-negative"; + extraConfig = '' + Cache=no-negative + DNSOverTLS=opportunistic + DNS=${builtins.concatStringsSep " " config.services.resolved.fallbackDns} + ''; }; networking.firewall = let ports = [
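Review bot: `DNSOverTLS=opportunistic` in the new `extraConfig` only protects lookups against passive observation, and nothing in the module says so. As documented for resolved.conf, opportunistic mode falls back to plaintext when the TLS session cannot be established and does not authenticate the server. The `#securedns.privatevoid.net` names on the two new `fallbackDns` entries are therefore not verified, and with `dnssec = "false"` left unchanged the answers are not authenticated either. I would put a comment above `extraConfig` recording that trade-off, for example `# opportunistic DoT: encrypts when the server offers it, no certificate check, can be downgraded to plaintext`. Separately, the `DNS=` line reuses the entire `fallbackDns` list, which puts `10.1.0.1` in the same server set as the two public resolvers; if that address is an internal resolver, queries for internal names may reach whichever server resolved currently prefers, so it is worth confirming this is intended.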