From 250bef81cdd2cd70a4d29fb23df23c2313f6e8f2 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Thu, 15 May 2025 00:30:42 +0200
Subject: [PATCH 1/2] feat(heimdall): bring dnsmasq back.

---
 modules/servers/heimdall/wireguard.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/servers/heimdall/wireguard.nix b/modules/servers/heimdall/wireguard.nix
index 6431f08..bd01782 100644
--- a/modules/servers/heimdall/wireguard.nix
+++ b/modules/servers/heimdall/wireguard.nix
@@ -13,12 +13,12 @@
     wg-quick.interfaces.wg0.configFile = "${config.age.secrets.wg-heimdall.path}";
   };
 
-  # services.dnsmasq = {
-  #   enable = true;
-  #   settings = {
-  #     interface = "wg0";
-  #   };
-  # };
+  services.dnsmasq = {
+    enable = true;
+    settings = {
+      interface = "wg0";
+    };
+  };
 
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 }

From 8ba62edbc404d2d9ec2ed259023b86f3fcc9c53b Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Thu, 15 May 2025 00:31:03 +0200
Subject: [PATCH 2/2] feat(heimdall): disable systemd-resolved stub resolver.

---
 modules/servers/heimdall/wireguard.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/servers/heimdall/wireguard.nix b/modules/servers/heimdall/wireguard.nix
index bd01782..8e95432 100644
--- a/modules/servers/heimdall/wireguard.nix
+++ b/modules/servers/heimdall/wireguard.nix
@@ -13,6 +13,10 @@
     wg-quick.interfaces.wg0.configFile = "${config.age.secrets.wg-heimdall.path}";
   };
 
+  services.resolved.extraConfig = ''
+    DNSStubListener=no
+  '';
+
   services.dnsmasq = {
     enable = true;
     settings = {