From f8f95629c7ba2eebcb5240637a4e149160944b15 Mon Sep 17 00:00:00 2001
From: uku <hi@uku.moe>
Date: Wed, 27 Nov 2024 09:51:10 +0100
Subject: [PATCH] fix(vesuvio): disable dnsovertls

---
 configs/common.nix            | 4 ++--
 systems/mottarone/default.nix | 4 ++--
 systems/vesuvio/default.nix   | 5 +++++
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/configs/common.nix b/configs/common.nix
index 142cbd1..c0291e4 100644
--- a/configs/common.nix
+++ b/configs/common.nix
@@ -165,8 +165,8 @@ in {
 
     resolved = {
       enable = true;
-      dnssec = "true";
-      dnsovertls = "true";
+      dnssec = lib.mkDefault "true";
+      dnsovertls = lib.mkDefault "true";
     };
 
     tailscale = {
diff --git a/systems/mottarone/default.nix b/systems/mottarone/default.nix
index 1643b5e..8b3827b 100644
--- a/systems/mottarone/default.nix
+++ b/systems/mottarone/default.nix
@@ -24,7 +24,7 @@ in {
   };
 
   services.resolved = {
-    dnssec = lib.mkForce "allow-downgrade";
-    dnsovertls = lib.mkForce "false";
+    dnssec = "allow-downgrade";
+    dnsovertls = "false";
   };
 }
diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix
index 1f6e48c..086bfc5 100644
--- a/systems/vesuvio/default.nix
+++ b/systems/vesuvio/default.nix
@@ -18,6 +18,11 @@ in {
     # Needed by the Hetzner Cloud password reset feature.
     qemuGuest.enable = true;
 
+    resolved = {
+      dnssec = "allow-downgrade";
+      dnsovertls = "false";
+    };
+
     frp = {
       enable = true;
       role = "server";