From 28a0ecccf54a2da4a4ec637d76f6b39259914cb6 Mon Sep 17 00:00:00 2001
From: Leander Scherer <leander@schererleander.de>
Date: Sun, 18 Jan 2026 19:17:26 +0100
Subject: fix(dns): migrate resolved config to new settings

---
 modules/nixos/dns/default.nix | 41 ++++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 19 deletions(-)

(limited to 'modules/nixos')

diff --git a/modules/nixos/dns/default.nix b/modules/nixos/dns/default.nix
index 0b8cf90..ac80e5c 100644
--- a/modules/nixos/dns/default.nix
+++ b/modules/nixos/dns/default.nix
@@ -21,24 +21,27 @@ in
     };
   };
 
-  config = mkIf cfg.enable {
-    services.resolved = {
-      enable = true;
-      dnssec = "true";
-      dnsovertls = "true";
-      domains = [ "~." ];
-      extraConfig = ''
-        DNSStubListener=yes
-        Cache=yes
-      '';
+    config = mkIf cfg.enable {
+      services.resolved = {
+        enable = true;
+        settings = {
+          Resolve = {
+            DNS = cfg.servers;
+            FallbackDNS = cfg.fallbackServers;
+            DNSSEC = true;
+            DNSOverTLS = true;
+            Domains = [ "~." ];
+          };
+        };
+      };
+      networking = {
+        nameservers = cfg.servers;
+        networkmanager.dns = lib.mkDefault "systemd-resolved";
+      };
+      systemd.services.systemd-resolved.environment = {
+        DNS = concatStringsSep " " cfg.servers;
+        FallbackDNS = concatStringsSep " " cfg.fallbackServers;
+      };
     };
-    networking = {
-      nameservers = cfg.servers;
-      networkmanager.dns = lib.mkDefault "systemd-resolved";
-    };
-    systemd.services.systemd-resolved.environment = {
-      DNS = concatStringsSep " " cfg.servers;
-      FallbackDNS = concatStringsSep " " cfg.fallbackServers;
-    };
-  };
+
 }
-- 
cgit v1.3.1