From 06f6aa788de6eb111aa531a50e9cd962819d0a31 Mon Sep 17 00:00:00 2001
From: qoijjj <129108030+qoijjj@users.noreply.github.com>
Date: Mon, 22 Jan 2024 13:43:25 -0800
Subject: [PATCH] fix: switch to a resolved drop-in
---
config/common/common-scripts.yml | 1 -
.../usr/etc/systemd/resolved.conf.d/securedns.conf | 2 ++
config/scripts/securedns.sh | 10 ----------
3 files changed, 2 insertions(+), 11 deletions(-)
create mode 100644 config/files/usr/etc/systemd/resolved.conf.d/securedns.conf
delete mode 100644 config/scripts/securedns.sh
diff --git a/config/common/common-scripts.yml b/config/common/common-scripts.yml
index 50bfc97..e68fe70 100644
--- a/config/common/common-scripts.yml
+++ b/config/common/common-scripts.yml
@@ -2,6 +2,5 @@ type: script
 scripts:
 - authselect.sh
 - setfilepermissions.sh
- - securedns.sh
 # this sets up the proper policy & signing files for signed images to work
 - signing.sh
\ No newline at end of file
diff --git a/config/files/usr/etc/systemd/resolved.conf.d/securedns.conf b/config/files/usr/etc/systemd/resolved.conf.d/securedns.conf
new file mode 100644
index 0000000..51cb74e
--- /dev/null
+++ b/config/files/usr/etc/systemd/resolved.conf.d/securedns.conf
@@ -0,0 +1,2 @@
+DNSSEC=allow-downgrade
+DNSOverTLS=opportunistic
diff --git a/config/scripts/securedns.sh b/config/scripts/securedns.sh
deleted file mode 100644
index 80c1a1b..0000000
--- a/config/scripts/securedns.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-
-# Tell build process to exit if there are any errors.
-set -oue pipefail
-
-# https://wiki.archlinux.org/title/systemd-resolved#DNSSEC
-sed -i 's/#DNSSEC=no/DNSSEC=allow-downgrade/' /usr/etc/systemd/resolved.conf
-
-# https://wiki.archlinux.org/title/systemd-resolved#DNS_over_TLS
-sed -i 's/#DNSOverTLS=no/DNSOverTLS=opportunistic/' /usr/etc/systemd/resolved.conf
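Review bot: The new drop-in `config/files/usr/etc/systemd/resolved.conf.d/securedns.conf` has no section header, so systemd's parser will treat both assignments as outside any section and ignore them; the file should begin with `[Resolve]`. The removed sed script uncommented these keys in place in the stock `resolved.conf`, where they presumably already sat under that section, so as written this change would silently leave DNSSEC and DNS-over-TLS at their defaults. It would also help to add a comment such as `# allow-downgrade / opportunistic fall back to unvalidated or plaintext DNS when the server lacks support; not a defence against an on-path attacker` so the chosen trade-off is explicit. Checking `resolvectl status` on a built image would confirm the settings are actually in effect.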