From 18b782a8308d478411dd578d07f0f9d3ddf57cc9 Mon Sep 17 00:00:00 2001
From: Minijackson <minijackson@riseup.net>
Date: Tue, 7 Jun 2022 19:00:43 +0200
Subject: dnscrypt: handle resolved configuration

---
 usecases/common/dnscrypt.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/usecases/common/dnscrypt.nix b/usecases/common/dnscrypt.nix
index 151f428..2991ed6 100644
--- a/usecases/common/dnscrypt.nix
+++ b/usecases/common/dnscrypt.nix
@@ -74,8 +74,18 @@ inputs:
 
   networking.resolvconf.useLocalResolver = true;
 
+  # Do not use per-link DNS servers for systemd-resolved
+  services.resolved = {
+    domains = [ "~." ];
+    dnssec = "false";
+  };
+
   specialisation.defaultDNS.configuration = {
     networking.resolvconf.useLocalResolver = lib.mkForce false;
     services.dnscrypt-proxy2.enable = lib.mkForce false;
+    services.resolved = {
+      domains = lib.mkForce config.networking.search;
+      dnssec = lib.mkForce "true";
+    };
   };
 }
-- 
cgit v1.2.3