{ config, inputs, pkgs, ... }:

{
  networking.useDHCP = false;

  networking.networkmanager = {
    dns = "systemd-resolved";
    enableStrongSwan = false;
    extraConfig = ''
      [connectivity]
      uri=http://whoami.privatevoid.net/online
      response=CONNECTED_GLOBAL
      interval=120
    '';
  };
  services.resolved = {
    enable = true;
    fallbackDns = [
      "95.216.8.12#securedns.privatevoid.net"
      "152.67.73.164#securedns.privatevoid.net"
      "10.1.0.1"
    ];
    llmnr = "true";
    dnssec = "false";
    extraConfig = ''
      Cache=no-negative
      DNSOverTLS=opportunistic
      DNS=${builtins.concatStringsSep " " config.services.resolved.fallbackDns}
    '';
  };
  networking.firewall = let
    ports = [
      5355 # llmnr
    ];
  in {
    allowedTCPPorts = ports;
    allowedUDPPorts = ports;
  };

  boot.extraModulePackages = [
    (inputs.self.packages.${pkgs.system}.evil.override {
      inherit (config.boot.kernelPackages) kernel;
    })
  ];

  boot.kernelModules = [ "evil" ];
}