dns

2026-06-09 10:11:09 -07:00 · 2026-06-09 10:11:09 -07:00 · f7319a5828
commit f7319a5828
parent cae0bdfc96
1 changed files with 34 additions and 15 deletions
--- a/modules/hardware/networking.nix
+++ b/modules/hardware/networking.nix
@ -6,28 +6,47 @@ let
 in {
  options.modules.hardware.networking = {
    enable = mkEnableOption "Enable NetworkManager, a daemon for configuring network interfaces";
+    avoidRouterDns = mkEnableOption {
+      default = config.modules.core.laptop;
+      description = "Avoid using the router's DNS servers, useful on guest networks";
+    };
    powersave = mkEnableOption {
      default = config.modules.core.laptop;
      description = "Enable power saving options over Wi-Fi";
    };
  };

-  config = mkIf cfg.enable {
-    networking.networkmanager = {
-      enable = true;
-      dns = "systemd-resolved";
-      wifi.backend = "iwd";
-      wifi.powersave = cfg.powersave;
-    };
+  config = mkMerge [
+    (mkIf cfg.enable {
+      networking.networkmanager = {
+        enable = true;
+        dns = "systemd-resolved";
+        wifi.backend = "iwd";
+        wifi.powersave = cfg.powersave;
+      };

-    services.resolved.enable = true;
-    services.resolved.settings.Resolve.DNSSEC = "allow-downgrade";
-    services.resolved.settings.Resolve.DNSOverTLS = "opportunistic";
+      services.resolved.enable = true;
+      services.resolved.settings.Resolve.DNSSEC = "allow-downgrade";
+      services.resolved.settings.Resolve.DNSOverTLS = "opportunistic";

-    networking.wireless.iwd.enable = true;
-    networking.wireless.iwd.settings.Settings.AutoConnect = true;
+      networking.wireless.iwd.enable = true;
+      networking.wireless.iwd.settings.Settings.AutoConnect = true;

-    # default startup time is Slowww
-    systemd.services.NetworkManager-wait-online.enable = false;
-  };
+      # default startup time is Slowww
+      systemd.services.NetworkManager-wait-online.enable = false;
+    })
+    (mkIf cfg.avoidRouterDns {
+      servers.resolved.settings.Resolve.Domains = [ "~." ];
+      networking.nameservers = [
+        "1.1.1.1#cloudflare-dns.com"
+        "8.8.8.8#dns.google"
+        "1.0.0.1#cloudflare-dns.com"
+        "8.8.4.4#dns.google"
+        "2606:4700:4700::1111#cloudflare-dns.com"
+        "2001:4860:4860::8888#dns.google"
+        "2606:4700:4700::1001#cloudflare-dns.com"
+        "2001:4860:4860::8844#dns.google"
+      ];
+    })
+  ];
 }