authorLeander Scherer <leander@schererleander.de>2026-01-08 17:59:25 +0100
committerLeander Scherer <leander@schererleander.de>2026-01-08 19:08:13 +0100
commit8a4e66f3c36fb55e59596ef4be865a96e500df9f (patch)
treec4175979b1b73d93287b30bd2d683fd16c786360
parent4f96cf5b2b26f2d5024ec76be3ffb8b9ef351e8c (diff)
feat(dns): setup dns over tls module
-rw-r--r--hosts/adam/configuration.nix23
-rw-r--r--modules/hosts/default.nix2
-rw-r--r--modules/hosts/dns/default.nix60
3 files changed, 83 insertions, 2 deletions
diff --git a/hosts/adam/configuration.nix b/hosts/adam/configuration.nix
index 4c8ea21..6b79fe8 100644
--- a/hosts/adam/configuration.nix
+++ b/hosts/adam/configuration.nix
@@ -61,6 +61,26 @@
};
};
+ networking.networkmanager.enable = true;
+
+ # Localisation
+ time.timeZone = "Europe/Berlin";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ # Disable waiting for network to be online
+ systemd.services.NetworkManager-wait-online.enable = false;
+
programs.dconf.enable = true;
nx = {
@@ -86,8 +106,9 @@
langs = {
python = true;
go = true;
- java = true;
latex = true;
+ nix = true;
+ lua = true;
};
};
git.enable = true;
diff --git a/modules/hosts/default.nix b/modules/hosts/default.nix
index a1eaafc..327e3de 100644
--- a/modules/hosts/default.nix
+++ b/modules/hosts/default.nix
@@ -4,10 +4,10 @@
imports = [
./audio
./desktop
+ ./dns
./openssh
./printer
./server
- ./system
./wooting
];
}
diff --git a/modules/hosts/dns/default.nix b/modules/hosts/dns/default.nix
new file mode 100644
index 0000000..8463367
--- /dev/null
+++ b/modules/hosts/dns/default.nix
@@ -0,0 +1,60 @@
+{
+ config,
+ lib,
+ ...
+}:
+
+let
+ inherit (lib) mkOption types mkIf;
+ cfg = config.nx.dns;
+in
+{
+ options.nx.dns = {
+ enable = mkOption {
+ description = "enable DNS-over-TLS using systemd-resolved";
+ type = types.bool;
+ default = false;
+ };
+ servers = mkOption {
+ description = "list of DNS-over-TLS servers to use";
+ type = types.listOf types.str;
+ default = [
+ "1.1.1.1#cloudflare-dns.com"
+ "1.0.0.1#cloudflare-dns.com"
+ "9.9.9.9#dns.quad9.net"
+ "149.112.112.112#dns.quad9.net"
+ ];
+ };
+ fallbackServers = mkOption {
+ description = "fallback DNS servers";
+ type = types.listOf types.str;
+ default = [
+ "8.8.8.8#dns.google"
+ "8.8.4.4#dns.google"
+ ];
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.resolved = {
+ enable = true;
+ dnssec = "true";
+ dnsovertls = "true";
+ domains = [ "~." ];
+ extraConfig = ''
+ DNSStubListener=yes
+ Cache=yes
+ '';
+ };
+
+ networking = {
+ nameservers = cfg.servers;
+ networkmanager.dns = lib.mkDefault "systemd-resolved";
+ };
+
+ systemd.services.systemd-resolved.environment = {
+ DNS = lib.concatStringsSep " " cfg.servers;
+ FallbackDNS = lib.concatStringsSep " " cfg.fallbackServers;
+ };
+ };
+}
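Review bot: The `systemd.services.systemd-resolved.environment` block at the end of `config` most likely has no effect: as far as I know systemd-resolved reads `DNS=` and `FallbackDNS=` from the `[Resolve]` section of resolved.conf, not from the unit's environment, so `cfg.fallbackServers` is never applied and the resolver keeps its default fallback list. That matters because the option reads as if it controls which third-party resolvers can receive this host's queries. Replace the block with `services.resolved.fallbackDns = cfg.fallbackServers;`; the primary list should already reach resolved through `networking.nameservers`. Separately, `dnssec = "true"` and `dnsovertls = "true"` are strict modes that fail closed, so a comment above them such as `# strict: lookups fail on networks that block port 853 or break DNSSEC (e.g. captive portals)` would document the trade-off.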