From 7c01f06554b59b035c383dda08113f8d9ba52130 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Fri, 25 May 2018 10:47:56 +0200
Subject: feat(configuration): Make /etc/resolv.conf immutable

---
 configuration.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/configuration.nix b/configuration.nix
index 08043924c1fd..de8fcdd395ff 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
 {
   imports =
@@ -39,6 +39,15 @@
     firewall.allowedTCPPorts = [ 5556 5558 ];
   };
 
+  # Generate an immutable /etc/resolv.conf from the nameserver settings
+  # above (otherwise DHCP overwrites it):
+  environment.etc."resolv.conf" = with lib; with pkgs; {
+    source = writeText "resolv.conf" ''
+      ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)}
+      options edns0
+    '';
+  };
+
   # Configure emacs:
   # (actually, that's a lie, this only installs emacs!)
   services.emacs = {
-- 
cgit 1.4.1