diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index 64a15179438f..6006ed7894c9 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -128,58 +128,61 @@ in }; - config = mkIf cfg.enable { + config = mkMerge [ + (mkIf cfg.enable { - assertions = [ - { assertion = !config.networking.useHostResolvConf; - message = "Using host resolv.conf is not supported with systemd-resolved"; - } - ]; + assertions = [ + { assertion = !config.networking.useHostResolvConf; + message = "Using host resolv.conf is not supported with systemd-resolved"; + } + ]; - users.users.systemd-resolve.group = "systemd-resolve"; + users.users.systemd-resolve.group = "systemd-resolve"; - # add resolve to nss hosts database if enabled and nscd enabled - # system.nssModules is configured in nixos/modules/system/boot/systemd.nix - # added with order 501 to allow modules to go before with mkBefore - system.nssDatabases.hosts = (mkOrder 501 ["resolve [!UNAVAIL=return]"]); + # add resolve to nss hosts database if enabled and nscd enabled + # system.nssModules is configured in nixos/modules/system/boot/systemd.nix + # added with order 501 to allow modules to go before with mkBefore + system.nssDatabases.hosts = (mkOrder 501 ["resolve [!UNAVAIL=return]"]); - systemd.additionalUpstreamSystemUnits = [ - "systemd-resolved.service" - ]; + systemd.additionalUpstreamSystemUnits = [ + "systemd-resolved.service" + ]; - systemd.services.systemd-resolved = { - wantedBy = [ "multi-user.target" ]; - aliases = [ "dbus-org.freedesktop.resolve1.service" ]; - restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ]; - }; + systemd.services.systemd-resolved = { + wantedBy = [ "multi-user.target" ]; + aliases = [ "dbus-org.freedesktop.resolve1.service" ]; + restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ]; + }; - environment.etc = { - "systemd/resolved.conf".text = '' - [Resolve] - ${optionalString (config.networking.nameservers != []) - "DNS=${concatStringsSep " " config.networking.nameservers}"} - ${optionalString (cfg.fallbackDns != null) - "FallbackDNS=${concatStringsSep " " cfg.fallbackDns}"} - ${optionalString (cfg.domains != []) - "Domains=${concatStringsSep " " cfg.domains}"} - LLMNR=${cfg.llmnr} - DNSSEC=${cfg.dnssec} - DNSOverTLS=${cfg.dnsovertls} - ${config.services.resolved.extraConfig} - ''; + environment.etc = { + "systemd/resolved.conf".text = '' + [Resolve] + ${optionalString (config.networking.nameservers != []) + "DNS=${concatStringsSep " " config.networking.nameservers}"} + ${optionalString (cfg.fallbackDns != null) + "FallbackDNS=${concatStringsSep " " cfg.fallbackDns}"} + ${optionalString (cfg.domains != []) + "Domains=${concatStringsSep " " cfg.domains}"} + LLMNR=${cfg.llmnr} + DNSSEC=${cfg.dnssec} + DNSOverTLS=${cfg.dnsovertls} + ${config.services.resolved.extraConfig} + ''; - # symlink the dynamic stub resolver of resolv.conf as recommended by upstream: - # https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf - "resolv.conf".source = "/run/systemd/resolve/stub-resolv.conf"; - } // optionalAttrs dnsmasqResolve { - "dnsmasq-resolv.conf".source = "/run/systemd/resolve/resolv.conf"; - }; + # symlink the dynamic stub resolver of resolv.conf as recommended by upstream: + # https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf + "resolv.conf".source = "/run/systemd/resolve/stub-resolv.conf"; + } // optionalAttrs dnsmasqResolve { + "dnsmasq-resolv.conf".source = "/run/systemd/resolve/resolv.conf"; + }; - # If networkmanager is enabled, ask it to interface with resolved. - networking.networkmanager.dns = "systemd-resolved"; + # If networkmanager is enabled, ask it to interface with resolved. + networking.networkmanager.dns = "systemd-resolved"; - networking.resolvconf.package = pkgs.systemd; + networking.resolvconf.package = pkgs.systemd; - }; + }) + + ]; }