From f9c37df27d2bf581435091ada12a437b521cc728 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Fri, 19 Sep 2025 17:05:10 +0200
Subject: [PATCH] update wheatley with DNS over TLS and some added packages to shared for DNS and network debugging for the future
---
 nixos/hosts/wheatley/configuration.nix | 30 ++++++++++++++++++++++++++
 nixos/shared/packages/default.nix | 4 ++++
 2 files changed, 34 insertions(+)
diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix
index 277a2a6..d36c12c 100644
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@@ -162,6 +162,36 @@
 enable = false;
 };
+ services.stubby = {
+ enable = true;
+ settings =
+ pkgs.stubby.passthru.settingsExample
+ // {
+ upstream_recursive_servers = [
+ {
+ address_data = "192.242.2.4";
+ tls_auth_name = "base.dns.mullvad.net";
+ tls_pubkey_pinset = [
+ {
+ digest = "sha256";
+ value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
+ }
+ ];
+ }
+ {
+ address_data = "2a07:e340::4";
+ tls_auth_name = "base.dns.mullvad.net";
+ tls_pubkey_pinset = [
+ {
+ digest = "sha256";
+ value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
+ }
+ ];
+ }
+ ];
+ };
+ };
+
 networking = {
 hostName = "wheatley";
diff --git a/nixos/shared/packages/default.nix b/nixos/shared/packages/default.nix
index d82be3b..81400f0 100644
--- a/nixos/shared/packages/default.nix
+++ b/nixos/shared/packages/default.nix
@@ -43,6 +43,10 @@
 wget
 zsh
 tldr
+ nmap
+ knot-dns
+ libressl
+ nettools
 # System libraries
 ])
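Review bot: In nixos/hosts/wheatley/configuration.nix the IPv4 upstream `address_data = "192.242.2.4"` does not look like the address Mullvad publishes for base.dns.mullvad.net, which as far as I know is 194.242.2.4 (the IPv6 entry `2a07:e340::4` does match). Please check it against Mullvad's DNS documentation, because with the name and pin checks enforced a wrong address leaves the host with a dead IPv4 upstream. Whether those checks are enforced depends on `pkgs.stubby.passthru.settingsExample`, since the `//` merge only overrides `upstream_recursive_servers`; I would set `dns_transport_list = [ "GETDNS_TRANSPORT_TLS" ];` and `tls_authentication = "GETDNS_AUTHENTICATION_REQUIRED";` explicitly so a change to the packaged example cannot silently permit an unauthenticated or cleartext fallback. Both upstreams carry the same `tls_pubkey_pinset` value, so a key rotation on the provider's side takes out both at once; a comment recording how the pin was obtained and how to refresh it would help. The `networking` block continues outside the hunk, so confirm that `networking.nameservers` (and any DHCP-supplied DNS) actually send queries to stubby's listen address.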
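Review bot: The four additions in nixos/shared/packages/default.nix (`nmap`, `knot-dns`, `libressl`, `nettools`) have no section comment, while the list uses headings such as `# System libraries`; a heading like `# DNS and network debugging` above them would record why they are there. Because this is the shared list, every host importing it gets a port scanner and TLS client tooling, not only wheatley. If the debugging need is specific to wheatley, placing them in that host's configuration keeps the installed set on the other hosts smaller. The rest of the list is outside the hunk, so I cannot tell whether `libressl` will collide with an `openssl` already in the environment; that is worth checking, since both are expected to ship an `openssl` binary.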