From 0569118c40402420ee665a93ec4153a24ae855b5 Mon Sep 17 00:00:00 2001
From: uku <hi@uku.moe>
Date: Mon, 21 Oct 2024 14:38:09 +0200
Subject: [PATCH] feat: enable dnssec

---
 configs/common.nix            | 2 +-
 systems/mottarone/default.nix | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/configs/common.nix b/configs/common.nix
index a15f964..ad73c39 100644
--- a/configs/common.nix
+++ b/configs/common.nix
@@ -165,7 +165,7 @@ in {
 
     resolved = {
       enable = true;
-      dnssec = "allow-downgrade";
+      dnssec = "true";
       dnsovertls = "true";
     };
 
diff --git a/systems/mottarone/default.nix b/systems/mottarone/default.nix
index 067f7b5..89c195d 100644
--- a/systems/mottarone/default.nix
+++ b/systems/mottarone/default.nix
@@ -22,7 +22,10 @@
     package = pkgs.nix-ld-rs;
   };
 
-  services.resolved.dnsovertls = lib.mkForce "false";
+  services.resolved = {
+    dnssec = lib.mkForce "allow-downgrade";
+    dnsovertls = lib.mkForce "false";
+  };
 
   virtualisation.docker.enable = true;
 }