From 2097a145abb55bf841124b0742ae27162df83877 Mon Sep 17 00:00:00 2001
From: reidlab
Date: Tue, 9 Jun 2026 10:11:09 -0700
Subject: [PATCH] dns
---
 modules/hardware/networking.nix | 49 +++++++++++++++++++++++----------
 1 file changed, 34 insertions(+), 15 deletions(-)
diff --git a/modules/hardware/networking.nix b/modules/hardware/networking.nix
index 68e79b9..862b002 100644
--- a/modules/hardware/networking.nix
+++ b/modules/hardware/networking.nix
@@ -6,28 +6,47 @@ let
 in {
 options.modules.hardware.networking = {
 enable = mkEnableOption "Enable NetworkManager, a daemon for configuring network interfaces";
+ avoidRouterDns = mkEnableOption {
+ default = config.modules.core.laptop;
+ description = "Avoid using the router's DNS servers, useful on guest networks";
+ };
 powersave = mkEnableOption {
 default = config.modules.core.laptop;
 description = "Enable power saving options over Wi-Fi";
 };
 };
- config = mkIf cfg.enable {
- networking.networkmanager = {
- enable = true;
- dns = "systemd-resolved";
- wifi.backend = "iwd";
- wifi.powersave = cfg.powersave;
- };
+ config = mkMerge [
+ (mkIf cfg.enable {
+ networking.networkmanager = {
+ enable = true;
+ dns = "systemd-resolved";
+ wifi.backend = "iwd";
+ wifi.powersave = cfg.powersave;
+ };
- services.resolved.enable = true;
- services.resolved.settings.Resolve.DNSSEC = "allow-downgrade";
- services.resolved.settings.Resolve.DNSOverTLS = "opportunistic";
+ services.resolved.enable = true;
+ services.resolved.settings.Resolve.DNSSEC = "allow-downgrade";
+ services.resolved.settings.Resolve.DNSOverTLS = "opportunistic";
- networking.wireless.iwd.enable = true;
- networking.wireless.iwd.settings.Settings.AutoConnect = true;
+ networking.wireless.iwd.enable = true;
+ networking.wireless.iwd.settings.Settings.AutoConnect = true;
- # default startup time is Slowww
- systemd.services.NetworkManager-wait-online.enable = false;
- };
+ # default startup time is Slowww
+ systemd.services.NetworkManager-wait-online.enable = false;
+ })
+ (mkif cfg.avoidRouterDns {
+ servers.resolved.settings.Resolve.Domains = [ "~." ];
+ networking.nameservers = [
+ "1.1.1.1#cloudflare-dns.com"
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ "8.8.4.4#dns.google"
+ "2606:4700:4700::1111#cloudflare-dns.com"
+ "2001:4860:4860::8888#dns.google"
+ "2606:4700:4700::1001#cloudflare-dns.com"
+ "2001:4860:4860::8844#dns.google"
+ ];
+ })
+ ];
 }
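Review bot: The new `avoidRouterDns` branch cannot take effect as written: `mkif` should be `mkIf` and `servers.resolved.settings.Resolve.Domains` should be `services.resolved.settings.Resolve.Domains`, so unless those names are defined outside the hunk, evaluation fails or the `~.` routing domain is never set. The branch is also not gated on `cfg.enable`, so it would pin the nameservers on hosts where this module is switched off; `(mkIf (cfg.enable && cfg.avoidRouterDns) {` keeps it in line with the first branch. For the stated guest-network use, `DNSOverTLS = "opportunistic"` still lets resolved fall back to plaintext DNS when port 853 is blocked or tampered with, and the `#cloudflare-dns.com` / `#dns.google` names are only verified when TLS is actually negotiated, so consider overriding it to `"true"` whenever `avoidRouterDns` is set so lookups fail closed. `mkEnableOption` takes a description string, so the attrset passed for `avoidRouterDns` (the same shape as the existing `powersave`) probably does not apply the intended `default`; `mkOption { type = types.bool; default = config.modules.core.laptop; description = "..."; }` looks like what is meant.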