{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  networking.dhcpcd.enable = false;
  networking.useDHCP = false;
  networking.nameservers = [
    "194.242.2.2#doh.mullvad.net"
    "2a07:e340::2#doh.mullvad.net"
  ];
  services.resolved = {
    enable = true;
    dnssec = "true";
    domains = [ "~." ];
    fallbackDns = [ ];
    dnsovertls = "true";
  };

  # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
  #
  # Test with: drill @127.0.0.53 odo.home.arpa
  networking.extraHosts = "127.0.0.1 odo.home.arpa";

  networking.wireless.iwd = {
    enable = true;

    settings = {
      General = {
        EnableNetworkConfiguration = true;
        AddressRandomization = "network";
        ControlPortOverNL80211 = false;
      };
    };
  };
  environment.systemPackages = with pkgs; [
    iw
    iwd
    ldns # for drill
  ];
}