{ config, ... }:

{
  networking.nameservers = [
    "127.0.0.1"
    "::1"
  ];

  networking.nftables.enable = true;
  networking.networkmanager = {
    enable = true;
    dns = "systemd-resolved";
  };

  systemd.network = {
    enable = true;
    wait-online.ignoredInterfaces = [ "tailscale0" ];
  };

  services.dnsmasq.enable = false;
  services.resolved = {
    enable = true;
    # don't use fallback resolvers
    fallbackDns = [ ];
  };

  services.nextdns = {
    enable = true;
    arguments = [
      "-config"
      "b8e2f7"
    ];
  };
}