From fa61c1523b6e4c4e1af29c3c1375a306671534f4 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey <git@qenya.tel>
Date: Wed, 25 Jun 2025 01:14:54 +0100
Subject: [PATCH] boot: Enable resolved/DNS-over-TLS

---
 common/boot.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/common/boot.nix b/common/boot.nix
index eb99def..1eb8089 100644
--- a/common/boot.nix
+++ b/common/boot.nix
@@ -10,4 +10,13 @@ in
     systemd-boot.memtest86.enable = mkIf config.nixpkgs.hostPlatform.isx86 true;
     efi.canTouchEfiVariables = true;
   };
+
+  services.resolved = {
+    enable = true;
+    fallbackDns = [ ];
+    dnsovertls = "true";
+    extraConfig = ''
+      DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net
+    '';
+  };
 }