refactor(networking): split networking into modules

system/modules/networking/resolved/default.nix

@@ -0,0 +1,21 @@
+{ lib, config, ... }:
+
+let
+  cfg = config.systemModules.networking;
+  inherit (lib) mkIf mkEnableOption;
+in
+
+{
+  options.systemModules.networking.resolved = mkEnableOption "Enable systemd resolved daemon";
+
+  config = mkIf cfg.resolved {
+    services.resolved = {
+      enable = true;
+      fallbackDns = ["9.9.9.9"];
+      # allow-downgrade is vulnerable to downgrade attacks
+      extraConfig = ''
+         DNSOverTLS=yes # or allow-downgrade
+      '';
+    };
+  };
+}