From fff88913be3c394305da0d79f7349557c8682f48 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Tue, 25 Feb 2025 08:42:16 +0100
Subject: [PATCH] refactor: comment out resolved DNS customization

Commented out DNSSEC configuration and single-label resolution in systemd-resolved. This change disables custom DNS behavior to potentially align with default system behavior or compatibility requirements.
---
 systems/aarch64-linux/m4nix/default.nix | 2 +-
 systems/x86_64-linux/sgx/network.nix    | 2 +-
 systems/x86_64-linux/t15/default.nix    | 2 +-
 systems/x86_64-linux/x1/default.nix     | 8 ++++----
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/systems/aarch64-linux/m4nix/default.nix b/systems/aarch64-linux/m4nix/default.nix
index 380fafc..12d5f93 100644
--- a/systems/aarch64-linux/m4nix/default.nix
+++ b/systems/aarch64-linux/m4nix/default.nix
@@ -55,7 +55,7 @@ with lib.metacfg;
   services.ratbagd.enable = true;
 
   services.resolved.enable = true;
-  services.resolved.dnssec = "allow-downgrade";
+  #services.resolved.dnssec = "allow-downgrade";
   services.resolved.extraConfig = ''
     ResolveUnicastSingleLabel=yes
   '';
diff --git a/systems/x86_64-linux/sgx/network.nix b/systems/x86_64-linux/sgx/network.nix
index b4e857a..acf37e1 100644
--- a/systems/x86_64-linux/sgx/network.nix
+++ b/systems/x86_64-linux/sgx/network.nix
@@ -6,7 +6,7 @@
 }:
 {
   services.resolved.enable = true;
-  services.resolved.dnssec = "allow-downgrade";
+  #services.resolved.dnssec = "allow-downgrade";
   services.resolved.extraConfig = ''
     ResolveUnicastSingleLabel=yes
   '';
diff --git a/systems/x86_64-linux/t15/default.nix b/systems/x86_64-linux/t15/default.nix
index e059fd9..cce5666 100644
--- a/systems/x86_64-linux/t15/default.nix
+++ b/systems/x86_64-linux/t15/default.nix
@@ -28,7 +28,7 @@
   system.stateVersion = "23.11";
 
   services.resolved.enable = true;
-  services.resolved.dnssec = "allow-downgrade";
+  #services.resolved.dnssec = "allow-downgrade";
 
   sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];
   sops.secrets.backup-s3.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
diff --git a/systems/x86_64-linux/x1/default.nix b/systems/x86_64-linux/x1/default.nix
index 8f5c3c8..c8bffcb 100644
--- a/systems/x86_64-linux/x1/default.nix
+++ b/systems/x86_64-linux/x1/default.nix
@@ -51,10 +51,10 @@ with lib.metacfg;
   services.ratbagd.enable = true;
 
   services.resolved.enable = true;
-  services.resolved.dnssec = "allow-downgrade";
-  services.resolved.extraConfig = ''
-    ResolveUnicastSingleLabel=yes
-  '';
+  #services.resolved.dnssec = "allow-downgrade";
+  #services.resolved.extraConfig = ''
+  #  ResolveUnicastSingleLabel=yes
+  #'';
 
   systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli