diff --git a/nix/kubernetes/flake.nix b/nix/kubernetes/flake.nix
index 36a66e7b..a38d6637 100644
--- a/nix/kubernetes/flake.nix
+++ b/nix/kubernetes/flake.nix
@@ -43,7 +43,14 @@
       ...
     }:
     let
-      forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
+      forAllSystems =
+        func:
+        builtins.listToAttrs (
+          map (system: {
+            name = system;
+            value = func system;
+          }) nixpkgs.lib.systems.flakeExposed
+        );
       nodes = {
         controller0 = {
           system = "x86_64-linux";
diff --git a/nix/kubernetes/roles/network/default.nix b/nix/kubernetes/roles/network/default.nix
index a25e70dc..db04bed9 100644
--- a/nix/kubernetes/roles/network/default.nix
+++ b/nix/kubernetes/roles/network/default.nix
@@ -42,9 +42,9 @@
     services.resolved = {
       enable = true;
       # dnssec = "true";
-      domains = [ "~." ];
-      fallbackDns = [ ];
-      # dnsovertls = "true";
+      settings.Resolve.Domains = [ "~." ];
+      settings.Resolve.FallbackDNS = [ ];
+      # settings.Resolve.DNSOverTLS = "true";
     };
 
     # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.