From 857537342a7d726cffc9fbcb8d188474d27400d2 Mon Sep 17 00:00:00 2001
From: Timothy DeHerrera <tim.deh@pm.me>
Date: Thu, 16 Jul 2020 15:16:52 -0600
Subject: [PATCH] stubby: make resolv.conf immutable

---
 profiles/misc/stubby.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/profiles/misc/stubby.nix b/profiles/misc/stubby.nix
index 4f7de05..b588323 100644
--- a/profiles/misc/stubby.nix
+++ b/profiles/misc/stubby.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{ pkgs, ... }: {
   services.stubby = {
     enable = true;
     upstreamServers = ''
@@ -21,6 +21,13 @@
     };
   };
 
+  system.activationScripts.immutableDns = {
+    text = ''
+      ${pkgs.e2fsprogs}/bin/chattr +i /etc/resolv.conf
+    '';
+    deps = [ ];
+  };
+
   networking = {
     networkmanager.dns = "none";
     resolvconf.dnsExtensionMechanism = false;