From 6f48ba81b47352d72785fd82c0929387f01e28c7 Mon Sep 17 00:00:00 2001
From: uku <hi@uku.moe>
Date: Mon, 22 Jul 2024 17:36:48 +0200
Subject: [PATCH] fix(vesuvio): make dns resolution actually work

---
 configs/common.nix          |  7 +++---
 systems/vesuvio/default.nix | 49 +++++++++++++++++++++++--------------
 2 files changed, 34 insertions(+), 22 deletions(-)

diff --git a/configs/common.nix b/configs/common.nix
index f8844c1..680ee13 100644
--- a/configs/common.nix
+++ b/configs/common.nix
@@ -68,7 +68,7 @@ in {
 
   networking.networkmanager = {
     enable = true;
-    dns = "systemd-resolved";
+    dns = lib.mkDefault "systemd-resolved";
   };
 
   nix = {
@@ -138,10 +138,9 @@ in {
     resolved = {
       enable = lib.mkDefault true;
       dnssec = "allow-downgrade";
-      extraConfig = lib.mkDefault ''
-        [Resolve]
+      dnsovertls = "true";
+      extraConfig = ''
         DNS=1.1.1.1 1.0.0.1
-        DNSOverTLS=yes
       '';
     };
 
diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix
index 6ad5404..99e13b4 100644
--- a/systems/vesuvio/default.nix
+++ b/systems/vesuvio/default.nix
@@ -1,17 +1,26 @@
-{config, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;
 
-  services.openssh.ports = [4269];
+  environment.systemPackages = with pkgs; [dig traceroute];
 
-  services.frp = {
-    enable = true;
-    role = "server";
-    settings = {
-      bindPort = 7000;
-      auth = {
-        method = "token";
-        token = "{{ .Envs.FRP_TOKEN }}";
+  services = {
+    resolved.enable = false;
+    openssh.ports = [4269];
+
+    frp = {
+      enable = true;
+      role = "server";
+      settings = {
+        bindPort = 7000;
+        auth = {
+          method = "token";
+          token = "{{ .Envs.FRP_TOKEN }}";
+        };
       };
     };
   };
@@ -19,13 +28,17 @@
   age.secrets.frpToken.file = ../../secrets/etna/frpToken.age;
   systemd.services.frp.serviceConfig.EnvironmentFile = config.age.secrets.frpToken.path;
 
-  networking.firewall = {
-    allowedTCPPorts = [22]; # forgejo-ssh
-    allowedTCPPortRanges = [
-      {
-        from = 6000;
-        to = 7000;
-      }
-    ];
+  networking = {
+    networkmanager.dns = "default";
+
+    firewall = {
+      allowedTCPPorts = [22]; # forgejo-ssh
+      allowedTCPPortRanges = [
+        {
+          from = 6000;
+          to = 7000;
+        }
+      ];
+    };
   };
 }