From 5ab33c154eccb08cd456ef4a9a236338300ec319 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Sun, 28 Apr 2024 09:13:20 +0300
Subject: [PATCH] systemd-resolved: rename conf files to have a number prefix
---
etc/systemd/resolved.conf.d/.gitignore | 3 ++-
.../resolved.conf.d/{dot-443.conf => 10-dot-443.conf} | 0
.../{dot-adguard.conf => 10-dot-adguard.conf} | 0
.../{dot-cloudflare.conf => 10-dot-cloudflare.conf} | 0
.../resolved.conf.d/{dot-dns0.conf => 10-dot-dns0.conf} | 0
.../{dot-mullvad.conf => 10-dot-mullvad.conf} | 0
.../{dot-quad9.conf => 10-dot-quad9.conf} | 0
.../{zz-local-resolver.conf => 98-local-resolver.conf} | 0
etc/systemd/resolved.conf.d/README.md | 9 +++++++--
etc/systemd/resolved.conf.d/dot-trex.conf | 1 -
10 files changed, 9 insertions(+), 4 deletions(-)
rename etc/systemd/resolved.conf.d/{dot-443.conf => 10-dot-443.conf} (100%)
rename etc/systemd/resolved.conf.d/{dot-adguard.conf => 10-dot-adguard.conf} (100%)
rename etc/systemd/resolved.conf.d/{dot-cloudflare.conf => 10-dot-cloudflare.conf} (100%)
rename etc/systemd/resolved.conf.d/{dot-dns0.conf => 10-dot-dns0.conf} (100%)
rename etc/systemd/resolved.conf.d/{dot-mullvad.conf => 10-dot-mullvad.conf} (100%)
rename etc/systemd/resolved.conf.d/{dot-quad9.conf => 10-dot-quad9.conf} (100%)
rename etc/systemd/resolved.conf.d/{zz-local-resolver.conf => 98-local-resolver.conf} (100%)
delete mode 120000 etc/systemd/resolved.conf.d/dot-trex.conf
diff --git a/etc/systemd/resolved.conf.d/.gitignore b/etc/systemd/resolved.conf.d/.gitignore
index 71f81f42..a99da082 100644
--- a/etc/systemd/resolved.conf.d/.gitignore
+++ b/etc/systemd/resolved.conf.d/.gitignore
@@ -1 +1,2 @@
-dot-trex.conf
+10-dot-trex.conf
+99-lan-resolver.conf
diff --git a/etc/systemd/resolved.conf.d/dot-443.conf b/etc/systemd/resolved.conf.d/10-dot-443.conf
similarity index 100%
rename from etc/systemd/resolved.conf.d/dot-443.conf
rename to etc/systemd/resolved.conf.d/10-dot-443.conf
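Review bot: In the `.gitignore` hunk, dropping `dot-trex.conf` while adding `10-dot-trex.conf` and `99-lan-resolver.conf` leaves no hint that a host which still has the old, un-numbered drop-ins deployed must remove them; no migration step is documented in the visible part of this patch. systemd reads `resolved.conf.d` drop-ins in lexical filename order, so a leftover `dot-*.conf` or `zz-local-resolver.conf` copy would sort after `98-local-resolver.conf` and `99-lan-resolver.conf` and could still decide single-valued settings such as the DNSSEC mode. I would add a comment above the entries, e.g. `# host-local files; remove old un-numbered copies (dot-*.conf, zz-local-resolver.conf) from deployed directories`, or the equivalent sentence in README.md. Whether hosts copy or symlink these files is not visible here, so this may not apply to every setup.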
diff --git a/etc/systemd/resolved.conf.d/dot-adguard.conf b/etc/systemd/resolved.conf.d/10-dot-adguard.conf
similarity index 100%
rename from etc/systemd/resolved.conf.d/dot-adguard.conf
rename to etc/systemd/resolved.conf.d/10-dot-adguard.conf
diff --git a/etc/systemd/resolved.conf.d/dot-cloudflare.conf b/etc/systemd/resolved.conf.d/10-dot-cloudflare.conf
similarity index 100%
rename from etc/systemd/resolved.conf.d/dot-cloudflare.conf
rename to etc/systemd/resolved.conf.d/10-dot-cloudflare.conf
diff --git a/etc/systemd/resolved.conf.d/dot-dns0.conf b/etc/systemd/resolved.conf.d/10-dot-dns0.conf
similarity index 100%
rename from etc/systemd/resolved.conf.d/dot-dns0.conf
rename to etc/systemd/resolved.conf.d/10-dot-dns0.conf
diff --git a/etc/systemd/resolved.conf.d/dot-mullvad.conf b/etc/systemd/resolved.conf.d/10-dot-mullvad.conf
similarity index 100%
rename from etc/systemd/resolved.conf.d/dot-mullvad.conf
rename to etc/systemd/resolved.conf.d/10-dot-mullvad.conf
diff --git a/etc/systemd/resolved.conf.d/dot-quad9.conf b/etc/systemd/resolved.conf.d/10-dot-quad9.conf
similarity index 100%
rename from etc/systemd/resolved.conf.d/dot-quad9.conf
rename to etc/systemd/resolved.conf.d/10-dot-quad9.conf
diff --git a/etc/systemd/resolved.conf.d/zz-local-resolver.conf b/etc/systemd/resolved.conf.d/98-local-resolver.conf
similarity index 100%
rename from etc/systemd/resolved.conf.d/zz-local-resolver.conf
rename to etc/systemd/resolved.conf.d/98-local-resolver.conf
diff --git a/etc/systemd/resolved.conf.d/README.md b/etc/systemd/resolved.conf.d/README.md
index 7bad7e1b..8f6745c4 100644
--- a/etc/systemd/resolved.conf.d/README.md
+++ b/etc/systemd/resolved.conf.d/README.md
@@ -32,9 +32,14 @@ sudo systemctl restart systemd-resolved should exist anyway as I don't trust systemd-resolved entirely. Anyway if there truly is no local resolver, systemd-resolved will detect that and act accordingly.) - To rephrase, this is to be used together with other files, especially - some of those beginning with `dot-`. -- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. + some of those beginning with `10-dot-`. +- `10-dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. At least one of these should be used in addition to `00-defaults.conf` +- `98-local-resolver.conf` attempts to configure localhost resolver and + disables unnecessary features for that scenario. +- `99-lan-resolver.conf.sample` when renamed would allow enabling resolvers on + LAN assuming they are trusted. Note that if used together with + `98-local-resolver.conf`, DNSSEC would be disabled. - `README.md` - you are reading it right now. ## General commentary diff --git a/etc/systemd/resolved.conf.d/dot-trex.conf b/etc/systemd/resolved.conf.d/dot-trex.conf deleted file mode 120000 index 0db95ab7..00000000 --- a/etc/systemd/resolved.conf.d/dot-trex.conf +++ /dev/null @@ -1 +0,0 @@ -dot-quad9.conf \ No newline at end of file