{
  config,
  lib,
  pkgs,
  ...
}:

# Alternative DNS servers:
# "1.0.0.1#cloudflare-dns.com"
# "1.1.1.1#cloudflare-dns.com"
# "2606:4700:4700::1001#cloudflare-dns.com"
# "2606:4700:4700::1111#cloudflare-dns.com"
# "8.8.4.4#dns.google"
# "8.8.8.8#dns.google"
# "2001:4860:4860::8844#dns.google"
# "2001:4860:4860::8888#dns.google"

{
  imports = [ ];

  networking.dhcpcd.enable = false;
  networking.useDHCP = false;
  networking.nameservers = [
    "194.242.2.2#doh.mullvad.net"
    "2a07:e340::2#doh.mullvad.net"
  ];
  services.resolved = {
    enable = true;
    # dnssec = "true";
    domains = [ "~." ];
    fallbackDns = [ ];
    dnsovertls = "true";
  };

  # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
  #
  # Test with: drill @127.0.0.53 odo.home.arpa
  networking.extraHosts = ''
    127.0.0.1 odo.home.arpa
    10.216.1.1		homeserver
    10.216.1.6		media
    #10.216.1.12		odo
    10.216.1.14		neelix
    10.217.1.1		drmario
    10.217.2.1		mrmanager
  '';

  networking.wireless.iwd = {
    enable = true;

    settings = {
      General = {
        EnableNetworkConfiguration = true;
        AddressRandomization = "network";
        ControlPortOverNL80211 = false;
      };
    };
  };
  environment.systemPackages = with pkgs; [
    iw
    iwd
    ldns # for drill
    arp-scan # To find devices on the network
  ];

  boot.extraModprobeConfig = ''
    # Set wifi to US
    options cfg80211 ieee80211_regdom=US
  '';
}